motivating security, was Re: Every incident...
Edward Lewis
Ed.Lewis at neustar.biz
Mon Feb 12 15:22:53 UTC 2007
At 14:59 +0000 2/12/07, Alexander Harrowell wrote:
>The whole logic of modern computing is that everything migrates towards
>users. Why shouldn't security? After all, if people didn't let the nasties
>in, 'twould be very hard to start a botnet..
Regarding "letting the users in" there was a story on the news while
we were meeting in Toronto. A woman put her child in her car while
it was warming and then went back into the house "for 10 seconds." A
thief jumped in the car, drove a while, crashed and fled the scene,
stealing another car (that was also idling) to get away. The TV
reports were very sympathetic to the woman and her husband (who was
painted a hero for chasing down the suspect to the crash).
A week earlier, in the DC metro area, there was a story about the
police ticketing people for letting their cards idle unattended. The
reason for the report was awareness of a new enforcement of the law
that had been put on the books to stem auto theft in that county.
One woman was ticketed having left some small children in the car
while she went back into get one more item. The reporter asked "what
if someone ran here and just drove off?"
What I found interesting is the differences in the way the car owners
were portrayed. It's not a US v. Canada thing, but just a point of
view. Similarly, are the people who are running exploitable machines
the cause of the problem or victims of those exploiting the machines?
I don't mean to say that the car owners or computer users are free
from blame. But holding a sentiment of just blaming users is not
helpful. OTOH, if there was something the operators could clearly do
to stop this, someone would have suggested it by now. (There are all
them laws about snooping traffic, etc.)
I thought I had a conclusion ... but I don't.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar
"Two years ago you said we had 5-7 years, now you are saying 3-5. What I
need from you is a consistent story..."
More information about the NANOG
mailing list