Dailydave mailing list archives
Re: Semi-anonymized moderation.
From: Brian <bmc () snort org>
Date: Mon, 28 Jan 2008 17:04:23 -0500
On Mon, Jan 28, 2008 at 12:30:52PM -0800, Mark Loveless wrote:
I actually agree with you 100% on houses. However I was referring to computers... ;-) Here is the main reason the house argument doesn't work. I cannot postal mail you a letter or a package that creates a hidden backdoor into your house that only I have the key to. Sure maybe if I mailed you a bomb, I could create a crude opening in your house, but it would hardly be secret or hidden.
Again, small improvements are better than none. Anthrax via postal mail might not blow a whole in your house, but it has a good chance at killing most of the people inside. Then what would you do? Oh, install a gamma irradiation system at the postal service to proactively filter a newly used known attack at a common choke point. You can manually iron all of your inbound postal mail, since its mostly good enough [0], or you could have your postal service implement the filtering [1]. Yes, the postal service has known evasions to this attack. You can go on ironing your mail, I will continue to let the postal service filter out most of the attacks. Again, small improvements are better than none.
Now as for my comment about no security is better than lame security, let me clarify. Yes the point was somewhat exaggerated to drive the point home. However what I meant was, there are things you can do from a hardening perspective that are just as effective as A/V, and they are free.
By your exaggeration, you miss the point. Every household has an iron, ok you might not own one but most Americans probably do. I would much rather have the USPS use their known evaidable solution than to convince everyone in the US to iron their mail. Again, small improvements are better than none. Brian [0] - http://www.pittsburghlive.com/x/tribune-review/trib/pittsburgh/s_425621.html [1] - http://www.usps.com/news/facts/lfu_021202.htm _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Semi-anonymized moderation. Dave Aitel (Jan 28)
- Re: Semi-anonymized moderation. Kowsik (Jan 28)
- Re: Semi-anonymized moderation. Chris Rohlf (Jan 28)
- Re: Semi-anonymized moderation. Jon Oberheide (Jan 28)
- Re: Semi-anonymized moderation. Chris Rohlf (Jan 28)
- Re: Semi-anonymized moderation. Brian (Jan 28)
- Re: Semi-anonymized moderation. Mark Loveless (Jan 28)
- Re: Semi-anonymized moderation. Brian (Jan 28)
- Re: Semi-anonymized moderation. Lance M. Havok (Jan 28)
- Re: Semi-anonymized moderation. Olef Anderson (Jan 28)
- Re: Semi-anonymized moderation. Stephen John Smoogen (Jan 28)
- Re: Semi-anonymized moderation. Mark Loveless (Jan 28)
- Re: Semi-anonymized moderation. Kowsik (Jan 28)
- Re: Semi-anonymized moderation. Sec urity (Jan 28)