On Dec 20, 2012, at 09:21, "Jason A. Donenfeld" <Ja...@zx2c4.com> wrote:
> On the other hand, discussing operational security seems more or less
> opposite to actually having it. What reasonable person who needs
> operational security would discuss it openly over the internet? Who
> would release tools or techniques or philosophies that they actually
> use?
Good points. I view OPSEC discuss as a chance for a sort of intelligence analysis think tank to develop a set of known good best practices, tools, techniques and strategies for others to integrate into their tradecraft. That is, I believe that the best findings from opsec-discuss should be sort of OPSEC takeaways that don't rely on "security through obscurity" to be effective. As an example, "STFU" is a robust OPSEC principle. People knowing about it doesn't decrease its effectiveness.
> So I wonder -- what types of discussions, in general, are
> simultaneously on-topic and operationally secure to have on this list?
OPSEC theory, counterintelligence in the "cyber-sphere", lessons learned from OPSEC failures (e.g. the lulzsec busts), and so on. Discussion about a specific tool or technique would be on-topic as well, although if the tool's effectiveness relies on secrecy it would be best for the developer to be circumspect.
I am also looking to sound out ideas and explore them in long form. I've a post on that coming up shortly.
cheers,
--gq