lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200405112320.i4BNKbl1031951@turing-police.cc.vt.edu>
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: Calcuating Loss 

On Tue, 11 May 2004 15:02:30 PDT, "Schmidt, Michael R." said:
 
> The consequences need to be severe enough.  In order to accomplish that our
> infrastructure has got to support the basic ability to find people who cause
> problems.  Anonymity is not an option.

You've got this totally ass-backwards.

If the network (*INCLUDING* end hosts) was secure enough that we were able
to deal with the creators of the zombies, trojaned boxes, and so on, then it would
be secure enough that we'd not have a *problem* with black hats having enough
zombies and trojaned boxes and so on...

The main reason why banks and LEO's can *afford* to spend lots of effort in
tracking down people who manage to steal stuff out of bank vaults is because
the vaults are tough enough to get *into* that it becomes a low-frequency event
that they can handle.  On the other hand, in many areas the local LEO isn't
able to do much about check fraud at the local businessplace, mostly because
the threshold for committing the fraud is much lower, so the frequency goes sky
high.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040511/41ed564a/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ