| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu) Subject: Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more... On Sat, 12 Mar 2005 16:33:46 CST, "J.A. Terranson" said: > *ALL* government pc's (whether US gov, UK gov, Martian gov., whatever) are > critical infrastructure bozo. Critical infrastructure: If it dies, things start breaking *very* badly, very quickly. If a PC directly related to managing calls in an E911 center dies, then emergency calls don't get routed. That's critical infrastructure. If something nails the NOC at AS701, large parts of the net could conceivably crash and there be no way to get things working. That's critical infrastructure. If some PC at the IRS gets whacked, then several hundred tax audits that were being handled by that tax agent get delayed until the system can be re-imaged and restored from backups. That's not critical infrastructure. Now tell me - what percent of government systems, if they were suddenly and unexpectedly unplugged from the network, would result in a partial or complete loss of network functionality? Things like routers, mail servers, Active Directory servers, and so on - *those* are "critical infrastructure". If you have critical infrastructure out on a secretary's desk, you're doing something *very* wrong.... -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050313/aff87634/attachment.bin
Powered by blists - more mailing lists