chargen is the new DDoS tool?

Ricky Beam jfbeam at gmail.com
Wed Jun 12 04:02:40 UTC 2013


On Tue, 11 Jun 2013 22:55:12 -0400, <Valdis.Kletnieks at vt.edu> wrote:
> Do you have any actual evidence that a .edu of (say) 2K employees
> is statistically *measurably* less secure than a .com of 2K employees?

We're sorta lookin' at one now. :-)

But seriously, how do you measure one's security?  The scope is constantly  
changing.  While there are companies one can pay to do this, those reports  
are *very* rarely published.  And I've not heard of a single edu  
performing such an audit.  The only statistics we have to run with are of  
*known* breaches. And that's a very bad metric as a company with no  
security at all that's had no (reported) intrusions appears to have very  
good security, while a company with extensive security looks very bad  
after a few breaches.  One has no one sniffing around at all, while the  
other has teams going at it with pick-axes. One likely has no one in charge  
of security, while the other has an entire security department.



