Will Tor have Extrusion Detection?

Richard Bejtlich wonders in light of Tor being able to be used to anonymously attack other systems, will Tor add extrusion detection capabilities?

I seriously doubt it. First, there are technical reasons for this, namely each exit node would need to have their own policy since some operators would want very strict polices and others more open policies. Pushing knowledge of that policy to the rest of the network to make routing decisions would be very complex and incurr high overhead on a system which is by it’s nature not very efficent.

Secondly, adding additional monitoring to an anonymity system is just ass-backwards. The whole point of Tor is to allow people to be untraceable and access content that they normally are unable to access (get around filters) or unwilling to access if it was known they were accessing it. Actively monitoring anonymity systems reduces the effectiveness of the primary purpose of the system.

Lastly, most attack monitoring systems are simply ineffective out of the box. They require extensive configuration and tuning, something that a Tor node operator either has no interest, time or expertise to do.


SSL on the cheap

Well I finally got a real SSL certificate, signed by a trusted CA for www.synfin.net. For less then $20/yr no more annoying popups in webbrowsers, mail clients or my Treo. Anyways, overall I’ve got to say that GoDaddy made the process pretty painless and quick. So far I’ve tested Firefox and Safari and both seem to be happy with the cert. Two thumbs up.

One thing to note, if you’re grabbing the tcpreplay source from SVN the SSL Certificate has changed. If anyone knows how to pass in a certificate chain file for svn let me know.



Shame on Yahoo, Microsoft and Google. But part of me understands. For better or worse, companies are ultimately responsible to their shareholders, not morals or concepts of right and wrong. Even Google’s motto of “Do no evil” is convienently pushed aside when it becomes monetarilay inconvient.

Given the choice of helping the Chinese government put a dissident behind bars or pissing off the Chinese government which allows them access to the largest potential customer base, Yahoo decided to assist the communist dictatorship which resulted in Shi Tao getting 10 years in jail.

But perhaps the most scary thing is that Microsoft couldn’t say under oath wether or not IBM should be ashamed for helping the Nazi’s. I guess if even in hindsight you can’t figure out what is wrong, how can you be expected to know right here and now?


Fair Use under attack (again)

Actually, there are a lot of reasons why I support the Electronic Frontier Foundation.  One such reason, is that they’re one of the few organizations fighting for our Fair Use rights.  Fair Use provides some basic rights allowing greater creativity and expression of ideas.  It also is the legal basis for technologies that we take for granted like the VCR, Tivo and iPod.

And like so many other freedoms, Fair Use is under attack.  What are you going to do about it?


Where does one begin?

Your random quiz for the day:
Basically, a 12yr old boy has been charged with a felony for:

a) Bringing a gun to school

b) Selling drugs to his classmates

c) Joking that the powered sugar for his science experiment was cocaine

Meanwhile… Vice President Dick Cheney made a far more serious judgement error and shot someone in the head but apparently that’s ok.  (Yes, they’re calling it an “accident,” but any experianced hunter knows that they need to keep tabs on all members of their hunting party at all times and be aware of what they are shooting at, both of which Cheney failed to do in this case.)


VP of Eng.

At Mu we’re looking to hire a VP of Engineering. Anyways, I figured I’d list some of my interview questions I plan to ask.

  1. As a manger, what kind of environment makes you the most effective? The least?
  2. Every manager seems to claim they have an “open door policy”. How do you get people to walk through the door?
  3. What do you bring to the table that can help a fast growing startup continue to execute quickly and maintain quality?
  4. What role do you intend to play with regards to our CTO and VP of Product Management?
  5. What qualities do you look for in an engineer when interviewing? What are some red flags?
  6. What do you expect from your engineering teams? What should they expect from you?
  7. What are some pet peves?
  8. Complete the sentance: “I manage by…”
  9. How do you hope to improve by working at Mu?
  10. What do you read for fun and profit?
  11. Any questions for me?

Well that was painless…

Just upgraded this site to WordPress 2.0.1.  It was almost too easy.  Cool.

Anyways, today was just like most any other day.  Meetings, coding, fixing bugs… all that good stuff.  Earlier in the week, our company offically “launched” and started sending out press releases and all that sorta thing.  We even made slashdot.  Of course, the response wasn’t that great, but oh well… they don’t really understand what we’re doing, but that’s pretty standard for slash.

Anyways, you can check us out in all (well some) of our glory at the Innovation Station at the RSA Security Conference in San Jose later this month.