Anyone see a game changer here?

Steven Bellovin smb at cs.columbia.edu
Fri Jan 15 15:52:31 UTC 2010


On Jan 15, 2010, at 10:43 AM, Jared Mauch wrote:

> 
> On Jan 15, 2010, at 10:37 AM, Jon Lewis wrote:
> 
>> Does anyone really believe that the use of targeted 0-day exploits to gain unauthorized access to information hasn't been at least considered if not used by spies working for other [than China] countries?
> 
> I think only those not paying attention would be left with that impression.
> 
> Spying has been done for years on every side of various issues.  Build a more complex system, someone will eventually find the weak points.
> 
> Personally I was amused at people adding cement to USB ports to mitigate against the "removable media threat".  The issue I see is people forget that floppies posed the same threat back in the day.
> 
> The reality is that the technology is complex and easily used in asymmetrical ways, either for DDoS or for other purposes.
> 
> The game is the same, it's just that some people are paying attention this week.  It will soon go back to being harmless background radiation for most of us soon.
> 

The "difference" this week is motive.

In the 1980s-1990s, we had joy-hacking.

In the 2000s, we had profit-motivated hacking by criminals.

We now have (and have had for a few years) what appears to be nation-state hacking.  The differences are in targets and resources available to the attacker.

		--Steve Bellovin, http://www.cs.columbia.edu/~smb









More information about the NANOG mailing list