Anyone see a game changer here?
Steven Bellovin
smb at cs.columbia.edu
Fri Jan 15 15:52:31 UTC 2010
On Jan 15, 2010, at 10:43 AM, Jared Mauch wrote:
>
> On Jan 15, 2010, at 10:37 AM, Jon Lewis wrote:
>
>> Does anyone really believe that the use of targeted 0-day exploits to gain unauthorized access to information hasn't been at least considered if not used by spies working for other [than China] countries?
>
> I think only those not paying attention would be left with that impression.
>
> Spying has been done for years on every side of various issues. Build a more complex system, someone will eventually find the weak points.
>
> Personally I was amused at people adding cement to USB ports to mitigate against the "removable media threat". The issue I see is people forget that floppies posed the same threat back in the day.
>
> The reality is that the technology is complex and easily used in asymmetrical ways, either for DDoS or for other purposes.
>
> The game is the same, it's just that some people are paying attention this week. It will soon go back to being harmless background radiation for most of us soon.
>
The "difference" this week is motive.
In the 1980s-1990s, we had joy-hacking.
In the 2000s, we had profit-motivated hacking by criminals.
We now have (and have had for a few years) what appears to be nation-state hacking. The differences are in targets and resources available to the attacker.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
More information about the NANOG
mailing list