Dailydave mailing list archives

Re: Semi-anonymized moderation.


From: Brian <bmc () snort org>
Date: Mon, 28 Jan 2008 17:04:23 -0500

On Mon, Jan 28, 2008 at 12:30:52PM -0800, Mark Loveless wrote:
> I actually agree with you 100% on houses. However I was referring to
> computers... ;-)
>
> Here is the main reason the house argument doesn't work. I cannot
> postal mail you a letter or a package that creates a hidden backdoor
> into your house that only I have the key to. Sure maybe if I mailed
> you a bomb, I could create a crude opening in your house, but it
> would hardly be secret or hidden.

Again, small improvements are better than none.

Anthrax via postal mail might not blow a hole in your house, but it
has a good chance at killing most of the people inside.  Then what
would you do?  Oh, install a gamma irradiation system at the postal
service to proactively filter a newly used known attack at a common
choke point.

You can manually iron all of your inbound postal mail, since it's
mostly good enough [0], or you could have your postal service
implement the filtering [1].  Yes, the postal service has known evasions
to this attack.  You can go on ironing your mail, I will continue to
let the postal service filter out most of the attacks.

Again, small improvements are better than none.

> Now as for my comment about no security is better than lame
> security, let me clarify. Yes the point was somewhat exaggerated to
> drive the point home. However what I meant was, there are things you
> can do from a hardening perspective that are just as effective as
> A/V, and they are free.

By your exaggeration, you miss the point.  Every household has an
iron, ok you might not own one but most Americans probably do.  I
would much rather have the USPS use their known evadable solution
than to convince everyone in the US to iron their mail.

Again, small improvements are better than none.

Brian

[0] - http://www.pittsburghlive.com/x/tribune-review/trib/pittsburgh/s_425621.html
[1] - http://www.usps.com/news/facts/lfu_021202.htm