[funsec] Wired: Pentagon Searches for 'Digital DNA' to Identify Hackers

Rob, grandpa of Ryan, Trevor, Devon & Hannah rMslade at shaw.ca
Tue Jan 26 13:18:54 CST 2010


Date sent:      	Tue, 26 Jan 2010 18:24:16 +0100
From:           	"r.b." <r.b.hicks at gmail.com>

> This makes great copy but it doesn't sound like they've heard about,
> or bothered to take into consideration:
> 
> JITs
> Automated code generation
> Optimizers

Having dealt with linguistic forensics for decades, I can assure you that it is 
possible to identify authors and sources despite editors, publishers, and even 
mangling from electronic communications systems.  There are a huge number of 
characteristics that can be used to identify people: my wife (who used to be a 
secretary) even found characteristic "line lengths" in stuff people wrote.

When I got into software forensics, I found a wealth of identifiers there, too.  Yes, 
the utilities and tools muddy some issues, but they turn out to create identifiers 
themselves, and the specific utilities and options used are also identifiers.

> Or a slipperier issue:
> 
> Just because someone wrote the code doesn't mean they launched the attack.

True.  That's what court cases are for.

> This idea has been hyped before without result. I don't expect that to
> change any time soon.

Unfortunately, probably correct.  There is a great deal of research out there, and 
wonderful stuff it is.  But it does require testing and verification, and some money 
to put it all together.  Empire building, political infighting, and corporate 
marketing of inferior products/services will doubtless ensure that it never gets used 
properly.

======================  (quote inserted randomly by Pegasus Mailer)
rslade at vcn.bc.ca     slade at victoria.tc.ca     rslade at computercrime.org
If God had wanted us to vote, he would have given us candidates.
                                                          - Jay Leno
victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/NoticeBored http://twitter.com/rslade

