Charlie Li on 29 Aug 2018 11:48:18 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban... 

On 29/08/2018 14:03, Rich Kulawiec wrote:
> On Wed, Aug 29, 2018 at 08:24:12AM -0400, Rich Freeman wrote:
>> The problem is that the outcome of not allowing it is bad for the internet.
> 
> Allowing it is worse.  MUCH worse.
> 
>> If we're giving up on securing things at the protocol level and
>> allowing any host to connect to any other host, what is the whole
>> point of doing this Internet thing anyway, other than VPNs being
>> cheaper than dedicated lines?
> 
> Those days went away a couple of decades ago, thanks to a combination of
> incompetence, negligence, bad actors, and their enablers.  Since security
> is asymmetric, you can either spend continuously-increasing amounts
> of money and effort attempting to defend your operation from people
> who have *already put proof on the table* that they're your enemy...
> or you can solve your problem in a much more permanent way by removing
> them from your view of the Internet.  And while a security breach of
> your operation is obviously bad for you, it's also bad for all of us,
> since compromise of your operation will (variously) expose our data, or
> provide attackers with another platform from which to attack us, or worse.
> 
I'll add: a guy from New Jersey who, among other things in past lives,
worked at the NSA and built up their internet arsenal, then went and
built Estonia's property ownership blockchain (way before blockchain
became a buzzword), put the internet this way:

"The internet is the most dangerous thing we use on a daily basis."
> As I said before, I don't like this.  But it's reality.  Don't blame me:
> I worked for a very long time to stop this from happening (and I wasn't
> alone in that) but it didn't work out.  Too many people explicitly
> or implicitly supported the incompetent, the negligent, the bad actors,
> and their enablers, thus making them finanically successful...and
> ensuring that they would keep doing exactly what they were doing.
> Now we're faced with the consequences of that.
> 
In a recent (as in earlier this month) talk this guy gave that George
and myself had the *privilege* of absorbing, he states that this pattern
of poor, incompetent operations stands to show that what the public (get
made to) think are vulnerabilities, are actually business models!

-- 
Charlie "café bum" Li

(This email address is for mailing list use only; replace local-part
with vishwin for off-list communication)

Attachment: signature.asc
Description: OpenPGP digital signature

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug