RE: counter-intuitive -- spam is good for you. anonymous assholes are your friend
On Thursday, October 02, 1997 11:54 AM, Attila T. Hun [SMTP:attila@hun.org] wrote:
if Phill is secure, what difference does it make if you assault him? my guess is he is not secure, and probably has no clue how to get from there to secure.
Because when you ring the alarm bell on my system it is answered by law enforcement and it costs about $10,000 a time to deal with the issue. Setting off fire alarms costs real money. Incidentally the security line you are pushing is a crock. To get real security I believe you have to have feedback and monitoring. This is especially important in an institutional setting where you may not have complete control of critical infrastructure. For my application simply hoping the guys with the white hats find security holes before those in the black ones do is simply not enough. In any case I'm not as complacent as Attila seems to think the security model has been amply reviewed by the best in the field. Threatening to catch the malefactor and put him behind bars is a valuable additional security tool. The more bad guys there are behind bars the less time I have to spend worrying. Phill
At 7:32 PM -0700 10/2/97, Phillip Hallam-Baker wrote:
On Thursday, October 02, 1997 11:54 AM, Attila T. Hun [SMTP:attila@hun.org] wrote:
if Phill is secure, what difference does it make if you assault him? my guess is he is not secure, and probably has no clue how to get from there to secure.
Because when you ring the alarm bell on my system it is answered by law enforcement and it costs about $10,000 a time to deal with the issue.
Hmmmhhh, you must have a law enforcement arrangement different from the ones around here (here being the Bay Area/Silicon Valley). Around here, law enforcement is usually the last to be brought in, and they in fact have little interest in answering computer intrusion alert calls. If it costs you, or the taxpayers (through your law enforcement situation), $10,000 for each quiver of your alarm system, maybe you ought to find ways to cut the costs. And setting off an alarm is not necessarily a crime, of course. Depends on where the alarm was placed. If someone bumps a car in a parking lot and sets off a motion sensor alarm, no crime has generally been committed. At least this is the situation in all the places I know of. And if dealing with a false car alarm cost $10,000, or even $100, this would tell the alarm owner to do something to reduce the number of false alarms.
Setting off fire alarms costs real money.
Indeed, because people panic, evacuate, leave work in progress, lose manufacturing runs, etc. But I can't think of many computer intrusion alarms which have the same effect, nor should they. If someone sets off panic alarms because an incorrect password is typed too many times, or some biometric test fails, or access to some files is unexplained, or whatever the alarms are, then this is an overreaction. Better security, better firewalls, write protecting Web sites, air gaps with the Net, or whatever, these would seem to be better alternatives than calling in the cops and running up a $10,000 bill for each alarm. (In any case, cops in my area will definitely _not_ come to my aid if I call them to report an attempted incursion into my system. Your cops must be different.) --Tim May The Feds have shown their hand: they want a ban on domestic cryptography ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^2,976,221 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
-----BEGIN PGP SIGNED MESSAGE----- on or about 971002:2232 Phillip Hallam-Baker <hallam@ai.mit.edu> purported to expostulate: +On Thursday, October 02, 1997 11:54 AM, Attila T. Hun [SMTP:attila@hun.org] wrote: +> if Phill is secure, what difference does it make if you assault +> him? my guess is he is not secure, and probably has no clue how +> to get from there to secure. +Because when you ring the alarm bell on my system +it is answered by law enforcement and it costs about +$10,000 a time to deal with the issue. +Setting off fire alarms costs real money. my only comment is: "may you have many false alarms." waving the big stick of law enforcement as a warning is nothing more than a pre-potty trained bully with a bunch of goons to back him up as he stomps around his playpen. law enforcement did not deterred the hacks on the state department, the FBI, and even the CIA. I dont advocate the hacks, but it is amusing to watch the great watchdogs of security take a hit. with your spoiled brat rantings, you make your site as tempting as some of the other nose tweakers who need a serious attitude adjustment in other words, get off your fucking horse, it has a broken leg. dont forget to call home, your mums waiting. attila out +Incidentally the security line you are pushing is a crock. To get real +security I believe you have to have feedback +and monitoring. This is especially important in an institutional +setting where you may not have complete control of critical +infrastructure. For my application simply hoping the guys with the +white hats find security holes before those in the black ones do is +simply not enough. +In any case I'm not as complacent as Attila seems to think the security +model has been amply reviewed by the best +in the field. +Threatening to catch the malefactor and put him behind bars is a +valuable additional security tool. The more bad guys there are behind +bars the less time I have to spend worrying. + Phill -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: latin1 Comment: No safety this side of the grave. Never was; never will be iQCVAwUBNDSmob04kQrCC2kFAQHc3AP/aHozQ2yGoAV29tBc3E7Jy4afe1qc6IJw o5jKmAAV5mXBS13Vvm8EBb+Z4znGlyFxrW8WB+Tx9TXwYSAENKvGt2fnMkv82yuK DJwUefSCtibVMZAolT3iwVsJpxe6s+rHfqVOrC987dTwK7kxTIitF4qrp9zhq9ML OQ5j/wh/rqc= =Ezsh -----END PGP SIGNATURE-----
participants (3)
-
Attila T. Hun -
Phillip Hallam-Baker -
Tim May