Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing

• Previous message (by thread): Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing
• Next message (by thread): Lease4web abuse contact
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> On Sat, 18 Apr 2009 03:21:06 BST, "andrew.wallace" said:
> > The network community and the security community need to collaborate
> > as much as possible to defeat the threats.
> >
> > I'm British and i'm hoping to make UK as secure as possible.
> 
> Umm. You missed the *very first* principle of proper security design.
> 
> It shouldn't be "as secure as possible". It should be "as secure as it
> needs to be".
> 
> I mean, I suppose you *could* go with mil-spec security, where all
> materials are kept in a locked safe under armed guard, and you had to
> fill out paperwork for each piece of paper you took out of the safe,
> and then more paperwork when you returned it.  But did you *really*
> want all that effort just to check the headlines on bbc.com?

Let's not ignore the fact that if you set unreasonably high security standards
most likely: a) twitter.com or bbc.com wouldn't exist because of the high
security scrutiny they'd have been under before being allowed to connect to 
anything and b) even if they didn't you wouldn't be able to see them because
of the high security scrutiny you'd be under before you were allowed to connect.

No one dies from an attack on twitter. Let the court/justice system deal with it whenever they get around to it. It keeps IT folks in jobs all over the place, gives the news things to write about, and gives the NANOG mail servers something to use the network for. 

Intelligence/security folks are tasked to deal with other things and with a real level of severity -- and it's quantifiable (at least in theory ;) ). 

Another point, security is ephemeral - A wall used to be the "secure as possible" solution to protect cities from invaders. An entertainment novelty in China rendered them obsolete when this black powder was reapplied to warfare. Some attacks (e.g. botnets) can only exist because we all have done a great job building networks over the last 15 years. Now we have new challenges. They all take their own time to mature and address.

Deepak Jain
AiNET

• Previous message (by thread): Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing
• Next message (by thread): Lease4web abuse contact
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]