lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: Threat Models (was Re: IE 

On Tue, 20 Jul 2004 21:41:30 +0200, Full-Disclosure said:
> Please im trying to hack, test, read, be 'up to date' & learn from the 
> full-disclosure-lists. Not learning or be teached economics, politics, 
> religion, ethics or beliefs, ( then ill go to MS ;-)

Keep in mind that except for the stereotypical "script kiddie", all of these
factors *do* enter into security.  It's all about threat models.

Would there be as many viruses if many hadn't been funded by spammers/criminals
who wanted a trojan delivery system?  Probably not - but you won't get a *real*
solution to the problem without understanding the economics driving the market
for virus writers.  Why are the writers taking that money, where are the
employers getting the money, and what benefit does each group find in it?

Many sites *do* have to worry about politically or idealogically driven
attacks.  Do you have to worry about attacks by radical Amish?  Probably not,
since their belief system won't let them use our technology against us.  Do you
have to worry about radical Mideastern fundamentalists?  Quite possibly, as
they don't have qualms about using our tech against us.  It's the rare site
that has *no* enemies at all - so it's a good idea to know who your enemies
are, and have at least an estimate of how far they'd go. (Standard police work
101 - "Did the deceased have any enemies, and would they have bashed the
deceased's head in with a candlestick?" ;)

It's nice to discuss theoretical issues of attacks and defenses on a lab network.
Unfortunately, most of us have systems that are in the Real World, and as such,
we need to worry about such things.  

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040720/f0444ee2/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ