[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200405112320.i4BNKbl1031951@turing-police.cc.vt.edu>
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: Calcuating Loss
On Tue, 11 May 2004 15:02:30 PDT, "Schmidt, Michael R." said:
> The consequences need to be severe enough. In order to accomplish that our
> infrastructure has got to support the basic ability to find people who cause
> problems. Anonymity is not an option.
You've got this totally ass-backwards.
If the network (*INCLUDING* end hosts) was secure enough that we were able
to deal with the creators of the zombies, trojaned boxes, and so on, then it would
be secure enough that we'd not have a *problem* with black hats having enough
zombies and trojaned boxes and so on...
The main reason why banks and LEO's can *afford* to spend lots of effort in
tracking down people who manage to steal stuff out of bank vaults is because
the vaults are tough enough to get *into* that it becomes a low-frequency event
that they can handle. On the other hand, in many areas the local LEO isn't
able to do much about check fraud at the local businessplace, mostly because
the threshold for committing the fraud is much lower, so the frequency goes sky
high.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040511/41ed564a/attachment.bin
Powered by blists - more mailing lists