Full Disclosure mailing list archives

Re: Fwd: n3td3v has a fan


From: "G. D. Fuego" <gdfuego () gmail com>
Date: Mon, 14 Apr 2008 15:54:09 -0400

On Mon, Apr 14, 2008 at 3:04 PM, n3td3v <xploitable () gmail com> wrote:


> There are many ways the parking setup could be used against Yahoo
> adversaries, think car bomb, or truck bomb? It was hugely
> irresponsible of Yahoo to allow such photos to be taken by on-the-fly
> employees.


The biggest problem with this theory is that a car bomb attack against Yahoo
is incredibly unlikely.  When you're looking to implement security controls
against a potential threat, you need to take into account the likelihood of
the threat.  You actually end up using a lot of the same math that an
insurance adjuster would take into account (ugh).  If you try to defend
against every single possible yet unlikely occurrence, then you'll end up
missing out on the more likely yet less devastating problems.

But let's assume for a second that someone was planning on car bombing
Yahoo.  The lack of photos will barely slow them down.  If you can't find
photos, you can generally get building plans (public records).  If you can't
get building plans, you just drive into the building and take your best
guess as to where the most devastating place to park would be.

The real protection would be access control to the garage, NOT preventing
photographs.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
