From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: Calculating Loss

On Tue, 11 May 2004 15:02:30 PDT, "Schmidt, Michael R." said:
 
> The consequences need to be severe enough.  In order to accomplish that our
> infrastructure has got to support the basic ability to find people who cause
> problems.  Anonymity is not an option.

You've got this totally ass-backwards.

If the network (*INCLUDING* end hosts) was secure enough that we were able
to deal with the creators of the zombies, trojaned boxes, and so on, then it would
be secure enough that we'd not have a *problem* with black hats having enough
zombies and trojaned boxes and so on...

The main reason why banks and LEOs can *afford* to spend lots of effort in
tracking down people who manage to steal stuff out of bank vaults is because
the vaults are tough enough to get *into* that it becomes a low-frequency event
that they can handle.  On the other hand, in many areas the local LEO isn't
able to do much about check fraud at the local businessplace, mostly because
the threshold for committing the fraud is much lower, so the frequency goes sky
high.


