reliance that's scary
Major Variola (ret)
mv at cdc.gov
Sun Aug 17 08:43:52 PDT 2003
At 10:13 AM 8/16/03 -0400, Roy M. Silvernail wrote:
>
>Security, as Schneier says, is a process. It's also a mindset, and I
think
>one either has the mindset or he doesn't. And for those that don't
have it,
>it is *very* difficult to impart.
And you don't get any droid-demonstrable features for all your efforts.
Whereas being able to control <whatever> from a network has
gee-whiz sellability.
And the customer has a hard time imagining the attack -how are they
going to find the network, how are they going to guess the password.
I had the pleasure ca 1997 of figuring out how to browser-enable a
multiton
industrial machine (the kind with big red "stop" buttons, rotating
lights on it when it was operating, and stickers showing various forms
of dismemberment possible) once. A password was the only
access control. I hope anyone who installed this understood firewalling
and air gapping...
(Meanwhile, my garage door is "protected" merely by the number of
possibilities, 256)
More information about the cypherpunks-legacy
mailing list