Comments for Vmyths http://Vmyths.com Truth about computer security hysteria Tue, 22 Sep 2009 01:09:03 -0700 http://wordpress.org/?v=2.9 hourly 1 Comment on Obama (!) spouts an urban legend in his cybersecurity speech by Rob Rosenberger http://Vmyths.com/2009/05/29/obama/comment-page-1/#comment-504 Rob Rosenberger Tue, 22 Sep 2009 01:09:03 +0000 http://Vmyths.com/?p=656#comment-504 ::My question, though, is how much do you ::think cyber-terrorism/security affects ::and costs the United States annually? Great question, Charley! Before I answer it, let me stress that while the "inside experts" claim they DO know the true scope of your question ... I insist they DON'T know the true scope. Extraordinary claims require extraordinary evidence, which we lack. The inside experts tell the public they can't divulge the truth because Osama bin Laden will use the knowledge to destroy the United States. Everything the public does know, overwhelmingly points to hyperbole and hysteria. So the skeptics say "stop crying wolf" and the inside experts say "we're Cassandras, you just wait and see." So. How much does it cost? Skeptical expert Bruce Schneier describes the cost as a "terrorism tax," similar to the Cold War tax although much more directly extracted from every American's pocketbook. I myself engage in hyperbole when I say "I honestly believe the cyber-terror tax exceeds its return on investment." Why, then, would I let the inside experts turn on me to demand "what evidence supports your belief"? Because I can then respond "well, you're the only one here who can give our audience the evidence they need to disbelieve me. But you won't cough up any evidence for scrutiny, will you?" Still, it doesn't answer your question. So let's make a (somewhat invalid) comparison. "Rob, did we spend too much on the Y2K hysteria?" The answer is "businessmen spent the right amount, but if they spent it in fear, then they spent the right amount for the wrong reason." A college-level logic course will teach you that, given a chocie, you'd rather spend the wrong amount for the right reason, than spend the right amount for the wrong reason. Terrorism of any sort is simply a matter of risk; the money you spend to mitigate it (repeat "mitigate") is essentially an insurance bet. (Professional poker players understand this logic as the "expected value of a hand." Pros would rather lose a hand for the right reason than win a hand for the wrong reason.) So, the answer to your question. The computer security industrial complex doesn't mitigate cyber-terror in a logical manner. We're spending money "wrong," and that's not right. ::Should we be paying more attention to it, ::not necessarily through fear mongering, ::but rather through indepth and accurate ::analysis and understanding? Yes. And I think the government should do it. Sadly, their research remains highly overclassified even by the government's own admission. But it's even worse than most experts realize, and we can expose it with a simple observation. We know the U.S. military analyzes the attacks it gets each day -- knowledge that remains completely out of reach to airmen & soldiers who would use the info to defend their home networks. It's valid to assume major intelligence agencies both friendly (e.g. Israel) and hostile (e.g. North Korea) target the home networks of career officers & sergeants who habitually take FOUO and (yes!) classified info home to work on it after duty hours. Military analysis would at least yield a realtime blackhole list, yet the knowledge goes to waste on home networks where it would prove particularly useful. I forget who once said "analysis that cannot be obtained is analysis that does not exist." The military's (public) release of a realtime blackhole list would do wonders in the realm of information protection. But they don't release it ... so it doesn't exist for those who could benefit from it. Crud. Did I just say "we do analysis wrong"? ...Did I answer both of your questions, Charley? ::My question, though, is how much do you
::think cyber-terrorism/security affects
::and costs the United States annually?

Great question, Charley! Before I answer it, let me stress that while the “inside experts” claim they DO know the true scope of your question … I insist they DON’T know the true scope. Extraordinary claims require extraordinary evidence, which we lack. The inside experts tell the public they can’t divulge the truth because Osama bin Laden will use the knowledge to destroy the United States. Everything the public does know, overwhelmingly points to hyperbole and hysteria. So the skeptics say “stop crying wolf” and the inside experts say “we’re Cassandras, you just wait and see.”

So. How much does it cost? Skeptical expert Bruce Schneier describes the cost as a “terrorism tax,” similar to the Cold War tax although much more directly extracted from every American’s pocketbook.

I myself engage in hyperbole when I say “I honestly believe the cyber-terror tax exceeds its return on investment.” Why, then, would I let the inside experts turn on me to demand “what evidence supports your belief”? Because I can then respond “well, you’re the only one here who can give our audience the evidence they need to disbelieve me. But you won’t cough up any evidence for scrutiny, will you?”

Still, it doesn’t answer your question. So let’s make a (somewhat invalid) comparison. “Rob, did we spend too much on the Y2K hysteria?” The answer is “businessmen spent the right amount, but if they spent it in fear, then they spent the right amount for the wrong reason.” A college-level logic course will teach you that, given a chocie, you’d rather spend the wrong amount for the right reason, than spend the right amount for the wrong reason. Terrorism of any sort is simply a matter of risk; the money you spend to mitigate it (repeat “mitigate”) is essentially an insurance bet. (Professional poker players understand this logic as the “expected value of a hand.” Pros would rather lose a hand for the right reason than win a hand for the wrong reason.)

So, the answer to your question. The computer security industrial complex doesn’t mitigate cyber-terror in a logical manner. We’re spending money “wrong,” and that’s not right.

::Should we be paying more attention to it,
::not necessarily through fear mongering,
::but rather through indepth and accurate
::analysis and understanding?

Yes. And I think the government should do it. Sadly, their research remains highly overclassified even by the government’s own admission.

But it’s even worse than most experts realize, and we can expose it with a simple observation. We know the U.S. military analyzes the attacks it gets each day — knowledge that remains completely out of reach to airmen & soldiers who would use the info to defend their home networks. It’s valid to assume major intelligence agencies both friendly (e.g. Israel) and hostile (e.g. North Korea) target the home networks of career officers & sergeants who habitually take FOUO and (yes!) classified info home to work on it after duty hours. Military analysis would at least yield a realtime blackhole list, yet the knowledge goes to waste on home networks where it would prove particularly useful.

I forget who once said “analysis that cannot be obtained is analysis that does not exist.” The military’s (public) release of a realtime blackhole list would do wonders in the realm of information protection. But they don’t release it … so it doesn’t exist for those who could benefit from it.

Crud. Did I just say “we do analysis wrong”?

…Did I answer both of your questions, Charley?

]]> Comment on Obama (!) spouts an urban legend in his cybersecurity speech by Charley Brown http://Vmyths.com/2009/05/29/obama/comment-page-1/#comment-502 Charley Brown Sat, 19 Sep 2009 15:11:01 +0000 http://Vmyths.com/?p=656#comment-502 I probably should have read part one before parts 2 and 3 of this article, but I do have a question. You mentioned in part 2 that government intelligence officials have lacked data and appropriate computations regarding the prevalence and cost of cyber-terrorism and cyber-security. Obama, Clinton and past Presidents have used faulty intelligence information to push agendas. My question, though, is how much do you think cyber-terrorism/security affects and costs the United States annually? Should we be paying more attention to it, not necessarily through fear mongering, but rather through indepth and accurate analysis and understanding? Perhaps it is the fear mongering, but I do feel that as we progress further into a global, digital environment, there is a need for cyber-security. Do I agree with Obama and his numbers on this issue? Not at all, I feel as if its a tactic to push agenda rather than really focusing on what should be done about it. I'm just curious to see how you feel about the core of the issue beyond Obama's blunder. -Charley Brown <a href="http://www.welivethis.com/newsfeed/2009/09/13/audio-engineering-schools/" rel="nofollow">Audio Engineering Schools</a> <a href="http://www.welivethis.com/newsfeed/category/hiphop-music/" rel="nofollow">Latest Hip Hop Music</a> I probably should have read part one before parts 2 and 3 of this article, but I do have a question. You mentioned in part 2 that government intelligence officials have lacked data and appropriate computations regarding the prevalence and cost of cyber-terrorism and cyber-security. Obama, Clinton and past Presidents have used faulty intelligence information to push agendas. My question, though, is how much do you think cyber-terrorism/security affects and costs the United States annually? Should we be paying more attention to it, not necessarily through fear mongering, but rather through indepth and accurate analysis and understanding? Perhaps it is the fear mongering, but I do feel that as we progress further into a global, digital environment, there is a need for cyber-security. Do I agree with Obama and his numbers on this issue? Not at all, I feel as if its a tactic to push agenda rather than really focusing on what should be done about it. I’m just curious to see how you feel about the core of the issue beyond Obama’s blunder.

-Charley Brown

Audio Engineering Schools

Latest Hip Hop Music

]]> Comment on Obama part 2: where did his “$1 trillion” guesstimate come from? by Charley Brown http://Vmyths.com/2009/05/29/obama-2/comment-page-1/#comment-501 Charley Brown Sat, 19 Sep 2009 14:45:41 +0000 http://Vmyths.com/?p=697#comment-501 Although I am an Obama supporter, I can't help but say that I'm not surprised. It seems as if the intelligence officials of each and every one of our past few presidents conjure up ridiculous numbers when trying to push their specific agenda. I had hoped Obama would be different, but I guess hope gets you no where. It is really sad that after 10-15 years, our top government intelligence officials have FAILED when it comes to compiling and understand cyber-security data. One would think the government could reach out to the most intelligent cyber-security experts to compile data that can help them better understand cyber-threats and the security measures that can be take at the least expense to the public. I'm not holding my breath. -Charley Brown <a href="http://www.welivethis.com/newsfeed/2009/09/13/audio-engineering-schools/" rel="nofollow">Audio Engineering Schools</a> <a href="http://www.welivethis.com/newsfeed/category/hiphop-music/" rel="nofollow">Latest Hip Hop Music</a> Although I am an Obama supporter, I can’t help but say that I’m not surprised. It seems as if the intelligence officials of each and every one of our past few presidents conjure up ridiculous numbers when trying to push their specific agenda. I had hoped Obama would be different, but I guess hope gets you no where.

It is really sad that after 10-15 years, our top government intelligence officials have FAILED when it comes to compiling and understand cyber-security data. One would think the government could reach out to the most intelligent cyber-security experts to compile data that can help them better understand cyber-threats and the security measures that can be take at the least expense to the public. I’m not holding my breath.

-Charley Brown

Audio Engineering Schools

Latest Hip Hop Music

]]> Comment on Somber experts ask “where were you when the Blaster worm struck?” by Thompson6111 http://Vmyths.com/2009/08/12/blaster/comment-page-1/#comment-497 Thompson6111 Mon, 14 Sep 2009 02:08:37 +0000 http://Vmyths.com/?p=846#comment-497 Damn can't believe it's been 6 years lol Damn can’t believe it’s been 6 years lol

]]> Comment on Should Vmyths bring back the podcasts? by Thompson6111 http://Vmyths.com/2009/08/17/podcasts/comment-page-1/#comment-496 Thompson6111 Mon, 14 Sep 2009 02:08:03 +0000 http://Vmyths.com/?p=868#comment-496 I loveddd some of the older podcasts. That would be great if they came back. Love to listen to them while exercising. Justin, creator of: <a href="http://easytechreviews.com/Reviews/RegistryEasy.html" rel="nofollow">Registry Cleaner Reviews</a> <a href="http://www.thedogtrainingguide.org/Secrets-To-Dog-Training.php" rel="nofollow">Dog Training</a> I loveddd some of the older podcasts. That would be great if they came back. Love to listen to them while exercising.

Justin, creator of:

Registry Cleaner Reviews

Dog Training

]]> Comment on Translation: “Aussie schoolchildren need a license to use the Internet” by David Boventer http://Vmyths.com/2009/09/01/license/comment-page-1/#comment-495 David Boventer Sat, 12 Sep 2009 10:07:28 +0000 http://Vmyths.com/?p=881#comment-495 There is a worldwide tendency to restrict Internet and the access to it. Partly out of political reasons (free exchange of opinions etc.), partly because many moneymongers see a chance here to reap easy cash. There is a worldwide tendency to restrict Internet and the access to it. Partly out of political reasons (free exchange of opinions etc.), partly because many moneymongers see a chance here to reap easy cash.

]]> Comment on Translation: “Aussie schoolchildren need a license to use the Internet” by Rob Rosenberger http://Vmyths.com/2009/09/01/license/comment-page-1/#comment-487 Rob Rosenberger Tue, 01 Sep 2009 23:20:36 +0000 http://Vmyths.com/?p=881#comment-487 Okay, let's get serious for a moment about Smith's bad analogy. Banking existed before <a target=_blank href="http://en.wikipedia.org/wiki/Jesus_and_the_money_changers" rel="nofollow">Jesus dissed the moneychangers</a>. Now, suddenly, Smith wants to make people earn the privilege to use banking services because the Internet made it too "dangerous." In Smith's utopia, you either get a "license to compute" or you don't compute. If your credit score is below 600, then congratulations! You get to hide your cash under the mattress. In Smith's utopia, you'd need a license to compute before you can place your digital income in the hands of, say, <a target=_blank href="http://en.wikipedia.org/wiki/Bernard_Madoff" rel="nofollow">Bernie Madoff</a>. Smith wants the government to determine if you're competent enough to shovel your life savings into a $50 billion ponzi scheme. Okay, you get the point. It's almost always a bad analogy when an expert uses the "driver's license" analogy in a computer security discussion. Don't fall for this computer security hype; demand a solid analogy. Okay, let’s get serious for a moment about Smith’s bad analogy.

Banking existed before Jesus dissed the moneychangers. Now, suddenly, Smith wants to make people earn the privilege to use banking services because the Internet made it too “dangerous.” In Smith’s utopia, you either get a “license to compute” or you don’t compute. If your credit score is below 600, then congratulations! You get to hide your cash under the mattress.

In Smith’s utopia, you’d need a license to compute before you can place your digital income in the hands of, say, Bernie Madoff. Smith wants the government to determine if you’re competent enough to shovel your life savings into a $50 billion ponzi scheme.

Okay, you get the point. It’s almost always a bad analogy when an expert uses the “driver’s license” analogy in a computer security discussion. Don’t fall for this computer security hype; demand a solid analogy.

]]> Comment on Translation: “Aussie schoolchildren need a license to use the Internet” by Hugo Roy (hugoroy) 's status on Tuesday, 01-Sep-09 10:38:25 UTC - Identi.ca http://Vmyths.com/2009/09/01/license/comment-page-1/#comment-486 Hugo Roy (hugoroy) 's status on Tuesday, 01-Sep-09 10:38:25 UTC - Identi.ca Tue, 01 Sep 2009 10:38:44 +0000 http://Vmyths.com/?p=881#comment-486 [...] http://Vmyths.com/2009/09/01/license/ a few seconds ago from web [...] [...] http://Vmyths.com/2009/09/01/license/ a few seconds ago from web [...]

]]> Comment on Should Vmyths bring back the podcasts? by Brian Epps http://Vmyths.com/2009/08/17/podcasts/comment-page-1/#comment-484 Brian Epps Sat, 29 Aug 2009 03:09:01 +0000 http://Vmyths.com/?p=868#comment-484 H - E - DoubleHockeySticks YES! Don't forget the cat tranquilizers! H – E – DoubleHockeySticks YES!

Don’t forget the cat tranquilizers!

]]> Comment on Should Vmyths bring back the podcasts? by xEODGuy http://Vmyths.com/2009/08/17/podcasts/comment-page-1/#comment-482 xEODGuy Wed, 26 Aug 2009 06:29:27 +0000 http://Vmyths.com/?p=868#comment-482 I'm with the rest...bring them back! I remember when you started doing the podcasts, and it was nice to hear the the voice behind the "voice". I hope to hear more of your insights! I’m with the rest…bring them back! I remember when you started doing the podcasts, and it was nice to hear the the voice behind the “voice”.

I hope to hear more of your insights!

]]>