But wouldn't it be interesting if, in the dark of night, Brian Krebs actually was a serious cyber-crimnal. And he used his reputation and knowledge to frame himself from time to time, just to throw off the fuzz. He's certainly smart enough to pull it off. (no, I don't think that's true that he's a cyber-criminal :-) )
> Let's say that these intimidation techniques make Brian give up journalism. Maybe he becomes too scared to write.
Advocates against anonymity do not get this. I guess they think the bad guys get arrested and the good guys have nothing to hide (asymptotically). They do not consider that the world is not black-and-white and that you may need to protect against technically lawful people.
Other than that, I did not know Krebs (but I had heard about this successful battle against spam) and it makes me want to know more. The website hackerfactor.com has a nice design and have potentially interesting content.
"If the only thing protecting your security is a lack of others knowing the secret, then you have no practical security."
My understanding is that "security by obscurity" is a condemnation of making algorithms and code part of the secret. A system reliant on others not knowing your (say) private SSH key may lack defense in depth but isn't "security by obscurity".
Its possible that "security by obscurity" has a different meaning in the programming world. When talking about computer or network security it is used to describe any mechanism that attempts to defend a system by hiding something. One of the classic examples of security by obscurity is when a person disables the broadcasting of the SSID on a wireless router.
My only "beef" with him, as such, is that he stoops to their level and releases the home address and contact information of people -- frequently young people if I remember correctly. I don't think these people should be free from consequences, but it doesn't warrant vigilante justice. I'm sure given that he has been personally targeted his judgment might be clouded though, and it's hard to know what I would do in that situation.
```
“I don’t see what a wall of text can really tell you about what someone does in real life though,” said Rasbora, whose real-life identity is being withheld because he’s a minor.
```
These Black Hats make their living off of companies and people with poorly implemented information security. Brian Krebs makes his living exposing Black Hats who themselves have poor information security. There is some delicious irony in the Black Hats' retaliation against Krebs.
No, it's a different attack. The one on Krebs' site was about 200 gbps and lasted 10 minutes, it was done by some kid who wanted to impress a gang or something. The 400 gbps one was against an unnamed site and lasted a couple of days.
Moderators changed the title from "Life of Brian" to "Life of Brian Krebs." I honestly think its a poorer title, and they could try and acquire a sense of humor.
Not the main point of the article, but I'm glad that he's going after malware authors. I don't think I've ever felt so simultaneously enraged and helpless as when I got infected.
The description of security by obscurity in this article reads a lot like Kerckhoff's principle, which when employed correctly is actually a virtue. Not to defend cybercrime, but completely covering your tracks (digitally or otherwise) is a very tricky problem - one that people have long tried to solve with both malicious and benevolent intent - and failings in that vein aren't necessarily of the level of amateurishness that the term implies.
To make the article more interesting to read you should've put the ending at the beginning (Barking up the wrong tree). Now while reading what you wrote I am trying to guess where it is heading. If you'd have written it reversed it would be more compelling and convincing.
Newspapers do the same thing; they write what is most important at the top and add details and examples further into the article.
>Newspapers do the same thing; they write what is most important at the top and add details and examples further into the article.
Inverted pyramid (this style of newspaper writing) has historical roots. The idea was that a typeset story--often wire service copy--could be (literally) cut off at just about any arbitrary paragraph break to fit in the available space.
There's an undercurrent on the article that is somewhat dismissive of Krebs--i.e. that all his scoops come from tips, and he gets good tips because he's so well known. It even says that if it weren't Brian it would be someone else.
The facts, are, though, that Brian started in the Washington Post mail room and has since worked his way into a column at the Post, and now success as an independent blogger. Neither of those were easy or assured for him.
So I would argue that there is something about Brian and/or his work that is special or noteworthy.
[+] [-] zacinbusiness|12 years ago|reply
[+] [-] beachstartup|12 years ago|reply
[+] [-] dblacc|12 years ago|reply
[+] [-] yoha|12 years ago|reply
Advocates against anonymity do not get this. I guess they think the bad guys get arrested and the good guys have nothing to hide (asymptotically). They do not consider that the world is not black-and-white and that you may need to protect against technically lawful people.
Other than that, I did not know Krebs (but I had heard about this successful battle against spam) and it makes me want to know more. The website hackerfactor.com has a nice design and have potentially interesting content.
[+] [-] michaelfdeberry|12 years ago|reply
[+] [-] dllthomas|12 years ago|reply
My understanding is that "security by obscurity" is a condemnation of making algorithms and code part of the secret. A system reliant on others not knowing your (say) private SSH key may lack defense in depth but isn't "security by obscurity".
[+] [-] phaus|12 years ago|reply
[+] [-] d23|12 years ago|reply
[+] [-] ehPReth|12 years ago|reply
``` “I don’t see what a wall of text can really tell you about what someone does in real life though,” said Rasbora, whose real-life identity is being withheld because he’s a minor. ```
[+] [-] fnordfnordfnord|12 years ago|reply
[+] [-] quarterto|12 years ago|reply
I take it he's talking about that[1] DDoS attack? So whoever it was launched the biggest attack in history to to get at one guy?
[1]: http://blog.cloudflare.com/technical-details-behind-a-400gbp...
[+] [-] omh|12 years ago|reply
it is possible that the attacker used only a single server running on a network that allowed source IP address spoofing
So perhaps one technically adept attacker, which isn't quite so surprising.
[+] [-] sp332|12 years ago|reply
[+] [-] ojbyrne|12 years ago|reply
[+] [-] kylec|12 years ago|reply
[+] [-] shmageggy|12 years ago|reply
[+] [-] jmileham|12 years ago|reply
[+] [-] mosselman|12 years ago|reply
Newspapers do the same thing; they write what is most important at the top and add details and examples further into the article.
Good thought and interesting examples though. :)
[+] [-] ghaff|12 years ago|reply
Inverted pyramid (this style of newspaper writing) has historical roots. The idea was that a typeset story--often wire service copy--could be (literally) cut off at just about any arbitrary paragraph break to fit in the available space.
[+] [-] snowwrestler|12 years ago|reply
The facts, are, though, that Brian started in the Washington Post mail room and has since worked his way into a column at the Post, and now success as an independent blogger. Neither of those were easy or assured for him.
So I would argue that there is something about Brian and/or his work that is special or noteworthy.
[+] [-] Pxtl|12 years ago|reply