Site defaced - what next?

Jeff Kinz jkinz at kinz.org
Sun Aug 8 13:10:00 EDT 2004


On Sun, Aug 08, 2004 at 02:05:23PM +0900, Derek Martin wrote:
> On Sun, Aug 08, 2004 at 12:17:44AM -0400, Fred wrote:
> > There has been so many problems with the FBI, ATF, and other law
> > overenforcement agencies in the past we must be wary of giving them
> > even more power if we can only do the *simple steps* to protect
> > ourselves first.
> 
> Fred, I agree with your post entirely, as I often find to be the case.
> I'd been intending to reply to Jeff's post with a similar post, and
> now I don't need to... thanks.  :)

To the GNHLUG mail list - Sorry for the long post.  This discussion is 
getting very involved.

Fred and Derek - perhaps we should start a mailing list of our own to
carry this discussion onward.  (Although I have managed to inject 
Open Source into the thread with this post!)

We could call it LibertariansAtOddsWithEachOther (But thats expected!).

Fred and Derek, I agree with most of both of you have said.  There is a 
problem with the steady erosion of rights today.  This is a frightening
trend that must be reversed.  However I find myself mostly having more 
questions than answers about all of this.

Are we going to get rid of the Police and the FBI and the rest of the
security alphabet?  Should we ?  

And there is also a growth trend in cyber crime which must be addressed.

Now, the rugged individualists which this email list is comprised of
can and do, in general, take care of themselves in the cyber security
department and so we find less need for help in this area then the
general public.

But the general public will never be able or desirous of taking care of
their own security and they will need law enforcement (As well as better
efforts on the part of the software vendors) to help them in this area. 

> 
> Our goal as a society should NOT be to allocate more resources to law
> enforcement, but LESS.  That is, we should be striving to create a
> society where less law enforcement is required, because people police
> themselves.  

Absolutely agree with this!

> How do we do that?  That's the question we should be asking...

Apply the principles of Open Source (Openness), to Government.... 
Seriously - this, to me seems to be the only way to have a transparent,
responsible, and accountable to the public, government. Will governments
and government agencies move voluntarily in this direction?

In a pig's eye, they will! They will have to be pushed, thrust, towed,
etc.. to be converted.

Regarding the following items which seem to indicate that y'all
believe that various enforcement/intelligence agencies are 
deliberately allowing various human catastrophe's to happen in order to
accumulate  more power and money for their departments:

Never attribute to malice that which can be adequately explained by
stupidity. --"Hanlon's Razor"; variations variously attributed to
Goethe, Napoleon Bonaparte, William James, Robert Heinlein, and the
possibly apocryphal Robert J. Hanlon.
(http://en.wikiquote.org/wiki/Stupidity)

And there is no human endeavor which is collectively stupider than a
bureaucracy.
> 
> > Funny thing is, they did not use their power to stop and prevent the
> > real tragedy, even thought they were fully aware of truly suspicious
> > activities afoot. 
> 
> Indeed.  I have seen video footage of news reports indicating that ATF
> agents working out of the Federal Building in Oklahoma City were paged
> the morning of the bombing and told not to report to work that
> morning, suggesting that the ATF knew about this bombing in advance
> also, and did nothing to stop it.  News reports from local reporters
> on the scene also differ substantially on the events that transpired
> from official reports that came from the government and law
> enforcement agencies subsequently.
> 
> In the case of both the attack on the WTC and the Federal Building,
> we know that federal law enforcement agents had prior knowledge, but
> did nothing to stop the attacks.  People are reluctant to ask the
> obvious question: WHY?  The reason for their reluctance is because of
> an unwillingness to believe that the government is up to some funny
> business.  The implication is somewhat sinister...  The only logical
> conclusion seems to be that law enforcement agencies WANTED these
> attacks to occur, in order to convince the public that giving them
> more power is justified.

	Assumes a willful act instead of a typical bureaucratic SNAFU
like the one that destroyed Challenger.  I think the latter is more likely.

> As you rightly point out though, even if we give them the power they
> want, they can not protect us.  Anyone with the knowledge can go to
> the grocery store and purchase materials to make a bomb, and deliver
> it pretty much anywhere they want to, barring the offices of certain
> financial and government agencies.  Even if we lived in a totalitarian
> police state, people would find ways to make attacks.  The price is
> too high, and we must refuse to pay it NOW, before it is too late.

Very true- and adequately demonstrated by other places on the planet 
today and throughout recent history.

> > You are thinking by Western (really, US) standards of law
> > enforcement and community relations. One cannot assume the rest of
> > the world operates the same as we do or would even have the same
> > concerns.  Besides, the efforts it would take to get some local
> > police in some town near Moscow to go after a suspect would be
> > great, and again I am not convinced they would care.
Reciprocity would be involved.  They care when they have the same
problem.
> 
> The reality seems to be that under a variety of pressures from the US
> and its business interests, law and its enforcement is slowly becoming
> on par with that in the US in most modernized countries.  We have seen
> this with treaties dealing with, of all things, copyright protections.
> In the grand scheme of things, is this the most important thing we
> should be writing treaties about?  Don't we have bigger world problems?

Sure, but they are trying all the problem areas in parallel. We have
to try to make sure that the US doesn't roll up the entire world into
one big happy DMCA family.  Dealing with the heat death of the Universe 
will take a little longer. :)

> > But the drug bust story makes good copy. 
Enforcing illegal drug laws is an exercise in total delusion, and a
swell way to get a really big budget.  The biggest addiction problem in
the drug area is the addiction the enforcement agencies have for that
money.  Prohibition proved that no level of enforcement effort will be
able to stop people from using whatever recreational chemicals they
want.  Drop the drug laws and put a tenth of that money into job
training (or something to give people skills and self respect), and
then send the rest back to the taxpayers. (or send it to me! I'm
certain I can make good use of it on behalf of civilization :) )

> > As does the "I fought the
> > spammer." One down, 100,000 more to go, and 100 more to replace this
> > And now we want the same mess in cyberspace? I would think not! The
> > technological solution is our *only _real_ option*. The legal/law
> > enforcement option is only an *after the fact* measure that may actually
> > make the problem worse, as now those who love a challenge of not being
> > caught will be lured into cracking.
I think most who love that challenge are already doing it.  "Some"
enforcement effort would least get rid of the 80-98% of the population who
are doing casually and have no real skills. (The script kiddies).

And for any enforcement effort to work, a technological solution is also
required.  It needs to work automatically, in real time and has to be
part of each ISP's infrastructure.  Or were you thinking that we can
harden each individual system?

> 
> Not to mention the fact that new laws and increasingly invasive law
> enforcement efforts give people more political cause to engage in
> civil disobedience...
> 
> > History has taught us -- and painfully so -- that "cracking down" does
> > little to deter crime, and actually may enhance crime rates, as
> > "violence begets violence." Even the threat of medieval torture did not
> > stop crime in the past. What makes anyone think that today's much softer
> > forms of "deterrence" will be anymore effective?
> 
> Sad, but true.  So, let's keep law enforcement out of cyberspace as
> much as possible then, shall we?

Agreed, but - how much is "as much as possible" when most cyber user's
are nearly clueless? And willfully intend to remain so?

Please don't assume I'm looking down on the general public.  I'm
thinking of folks like my mother and "Aunt Tillie".  bright, capable
people in their own right, who have skills and knowledge that we all
lack, but reciprocally, they lack our technology skills and have no
desire to acquire them. 


> > Blame Redmond for the travails the general public is going though
> > now.  And I will flat out state that no level of "crack down" will
> > deter those who write viruses and spew forth spam and crack systems.

Well,  "some" versus "none" ( the current level) will have a much better 
effect that not.

> 
> Well, let's not blame the people of Redmond; let's be clear about who
> are targets are.  Microsoft is a big one, but they're not the only
> ones...  We, especially, must remember that one of the main reasons
> why people started writing viruses and other malware was to illustrate
> the problems with the software which has been developed.  The reason
> for the current proliferation is at least partly because we haven't
> improved much in 30 years...

Didn't I read about some new instructions/architecture changes being
made by both Intel and AMD to keep buffer overflow attacks from working
in their CPU chips?

> Microsoft is a most visible and most hated example of this, and hence
> they are a big target.  But they are not alone.  Until we as consumers
> hold responsible software companies who sell poor quality software,
> and force them to write better software, the situation will not
> change.
Hmm - can/will the consumers actually do anything about this?  How do we 
catalyze this effort?  DRM awareness day at Best Buy in Nashua?

Lynch a virus author?  (You hold 'em, I'll get the Bolt cutters...  :) )

No answers here - but definitely worried about the same issues, while
not yet ready to abandon the current tools, problematic as they are.

-- 
Linux/Open Source.  The New Base.  
Now All your base belongs to you, for free.

Jeff Kinz, Emergent Research, Hudson, MA.



More information about the gnhlug-discuss mailing list