Allegro

Posted on 14 May 2005 to: Information Security

A little over a year ago, there was a brief furor among the internet security community when a company called Symbiot announced plans to develop a “counterstrike” security system which would combine traditional network defense measures — firewalls, intrusion detection systems, patching, and the like — with offensive countermeasures against network attacks. The use of offensive systems is, at the risk of understating matters, highly controversial among the security community. Some harbor ethical objections to the concept of offensive action, some feel that offensive systems represent a potential legal minefield (an accurate assessment), and some have argued that legitimizing offensive systems would lower the threshold between legal and illegal use of the Internet. At the time, my opinion was that offensive systems, love them or loathe them, were here to stay. Nation-states cannot leverage their monopoly on physical force into a monopoly on control of the Internet, necessitating the involvement of private entities in fighting malicious Internet activity.

Over the past few weeks, however, I have become increasingly convinced that this analysis — and all analyses I have seen — have neglected a critical portion of the problem. The traditional assumption about the use of a counterstrike system is that it will be slow, deliberate, and carefully controlled: purely defensive measures are applied first, followed by blacklisting, finally followed by offensive countermeasures. Furthermore, these offensive countermeasures are always described as being under the control of human operators. To date, discussion of these systems has been implicitly based on the assumption that counterstrike is a last resort and that a human will always be “in the loop.” Unfortunately, I’m not certain that any system which obeys either of these rules will be able to deal effectively with real-world Internet threats. The current state of the Internet may demand software that operates in seconds, not hours, and which may not be able to wait on human approval for its actions.


gzip -9 April

Posted on 9 May 2005 to: Site News

Following that unexpected and entirely-too-long work-enforced hiatus, I’m going to provide a quick and highly compressed (UNIX users are now free to groan at the title) summary of the month of April before I launch back into blogging again. So, in bullet form, what happened during the last month of radio silence:

  • The fallout from the Malkinlanch reached a peak when Athena of Terrorism Unveiled added Port 80 to her blogroll. I have been remiss in failing to thank her for that, and am particularly flattered that I stayed on her blogroll over the last month of dead silence. (Of course, I might have simply stayed on Athena’s blogroll because she was swamped with the Mother of All Exam Weeks.)

  • Thanks to an e-mail tip from Thaleia, I entered the Organic Shadows Weblog Content Contest. Surprisingly enough, Port 80 ended up taking first place in the “General” category.

    One of the interesting things about this contest is the sheer diversity of the participants - no two entrants cover anything close to the same material. If you’re used to reading one or two blogs, I’d invite you to peruse the contestants. Glenn Reynolds isn’t the whole blogosphere - he’s merely skimming the cream which has risen to the top of thousands of blogs covering thousands of different topics.

  • Finally, if you’re not reading The Hatemonger’s Quarterly, you should be. The Second Annual Horrible College Student Poetry Contest is a good starting point, ridiculing bad poetry with all the acerbic flair of a really good English teacher.

And, with that recap out of the way, it’s time to get right back into full-scale weblogging. Enough of this self-referential twaddle — on to the ludicrously long essays you came here for.

… and I’m all out of bubble gum. — They Live