Open Source and information security mailing list archives
 
Message-ID: <200503140449.j2E4mxe3004702@turing-police.cc.vt.edu>
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: Re: Reuters: Microsoft to give holes info

On Sun, 13 Mar 2005 20:58:01 +0100, derek@...elofsin.net said:

> For instance, if the entire IRS database (and all backups) went up in a
> puff of smoke, the internet as a whole would likely experience only a
> small disturbance.

Actually, I *DID* mention an IRS machine, so I *am* aware of the definition of
"critical" infrastructure in your sense.  Even over at the IRS, the vast
majority of boxes are *not* "critical" in that if they get whacked, the whole
IRS comes screeching to a halt.  Yes, there's some critical database boxes and
the like over there, and over at the Social Security Administration, and in the
military, and Dept of Interior, and so on.

But the vast majority of machines in *all* those places are just workstations
on the desks of civil service drones.

Proof:  Western Civilization doesn't come to a grinding halt every time a virus
gets loose in the government systems, any more than it comes to a halt when the
same virus gets loose inside Ford Motor Company.  By what magical property do
"most systems" inside government become "critical", when the same system on the
desktop of somebody doing the same function in a corporate environment doesn't
qualify as such?

Loss of the database server that has your payroll data on it is "critical".
Loss of the desktop computer that somebody uses to update the data isn't
critical - or if it *is*, it won't be for long - your replacement will find
a way to make sure the function can be re-imaged onto another system quickly. ;)
