Notices by Royce Williams (tychotithonus@infosec.exchange)

@ryanc
I think we agree more than we disagree! Especially when it it is probably better, but the ecosystem for the systems causing harm to be the explicit source of that harm, so that the ecosystem will start to respond to it appropriately. So I'm basically arguing myself out of silent discard even in my idealistic case!
@drscriptt @Sempf

@drscriptt

I'm interested in minimizing ecosystem harm / impact, even if I'm not the direct / attributable source. In the worst case, if I know that an upstream hop is going to generate backscatter if I reject in my DATA phase, and I know with high confidence that the content is spam, and I know that that upstream hop is not likely to change their ways any time soon ... it's a net lessening of ecosystem harm if I silently discard, rather than indirectly "trigger" predictable backscatter.

Yes, I know this is idealistic. :D

@ryanc @Sempf

@ryanc @Sempf Yeah, that's definitely an angle that wasn't as available to me back then. If past me it was working this, I would 100% be looking for a milter that did that!

@ryanc @Sempf I mean, I get that, but in the meantime the blowback still hits the innocent non-sender. As a troubleshooter, I 100% hated silent discard, but as a spam fighter from back in the day, never doing that produced a whole bunch of busy work and harm that was impossible to work around otherwise. (Rejecting early in the connection was of course ideal!). But I've been out of this game for more than a decade ...

@ryanc @Sempf That works fine when there are only two SMTP servers involved, but what happens when it is multi-hop?

@Sempf @ryanc
It's been awhile since I was in the daily email game, but I assume blowback is still a non-trivial problem, such that silent discard, despite non-compliance, might sometimes be preferable to innocent bystanders receiving blowback? But deciding when to do that must be complicated ...

Recently, I learned that Western Digital has decided to only partially implement the ATA Secure Erase featureset for initial price points for some storage products.

https://www.westerndigital.com/en-us/solutions/data-security/data-protection

Specifically, they are withholding the near-instantaneous "Crypto Erase" option (encrypt the entire drive with a strong key, and then discard the key) from some products, offering only "Sanitize Block Erase" (overwrite everything) at the entry-level price point.

Technically, Block Erase does comply with NIST 800-88 "Purge" level for SSDs, per Table A-8. But it wastes [size-of-drive] writes. And on modern drives, it can take a looong time to overwrite an entire HDD.

I understand the need to stratify pricing. But just like the "SSO tax" ... making security harder is never better for the ecosystem.

And by the time most people realize they wanted the better option ... the purchases will have been made (maybe years before), and the folks making the purchasing decision will likely be far removed (in time, org structure, and technical awareness) from the personnel suffering the consequences.

Bad form.

@Infoseepage Totally. Independent email with phishing-resistant MFA is the only defense -- and you have to be savvy enough to set it up in advance, before you get victimized.

Add Verizon to the list of companies that doesn't make sure that someone controls an email address ... before letting them apply it to their account.

I am not a Verizon customer.

Companies are rarely set up to get feedback about required account changes from non-customers.

(Yes, I'm aware of the other things you can do when this happens)

I swear every time Mark Zuckerberg ends up in the news and there's a new photo of him ... it looks like it's some different Mark from a different timeline.

Maybe they have some kind of timeshare agreement across the multiverse.

@petrillic Ahahah, indeed - or, maybe even worse, the obligatory:

https://xkcd.com/979/

There's a special place in Hades reserved for orgs with websites that, when the user uses the browser's "back" button, not only does it damage app state, but also destroys the user's current authentication session, requiring them to log back in.

There are five people at my day job that have the same first and last names.

TIL they have a permanent / dedicated email-deconfliction chat channel. :mind_blown:

@rysiek Either way, looks like we'll need a new edition.

@mischif

(Specifically, bcrypt is better with high user counts, where users can't tolerate high authentication latency. If you have only a few users, and/or they can tolerate authentication lag above a thousand milliseconds ... and you can handle a thundering herd of those ... Argon2, tuned higher, becomes better.)

@soatok

Potentially unpopular take:

Attribution is a distraction.

Most orgs are not mature enough for attribution to actually differentiate response (just like honeypots).

Layer 8 is obsessed with attribution -- perhaps to make things more dramatic / urgent? -- so it persists.

So such things get chased, to the detriment of the basics.

@ryanc Bless, curse me now with your fierce tears, I pray.

Since folks seem to be weighing in:

I'm not interested in Bluesky. I'm interested in building a durable community on its own terms.

Fool me once.

"Ross Anderson had agreed with his publisher, Wiley, that he would be able to make all chapters of the 3rd edition of his book Security Engineering available freely for download from his website. These PDFs are now available there." 🎉 💔

https://www.cl.cam.ac.uk/archive/rja14/book.html

(As noted at: https://www.lightbluetouchpaper.org/2024/11/12/sev3-download/ )

@ryanc Oh, definitely! An interesting experimental middle ground would be a modified Xerox PARC / Bell Labs model:

• everyone has a private office
• multiple types of communal space
• everyone lives a short distance from work
• people know when not to schedule in-person meetings