nanog mailing list archives
Re: Wireless insecurity at NANOG meetings
From: Vadim Antonov <avg () exigengroup com>
Date: Mon, 23 Sep 2002 00:27:06 -0700 (PDT)
On Sun, 22 Sep 2002, William Allen Simpson wrote:Sorry, any security requires a *SECRET*.
The only thing security really requires is *trust*. Secret keys won't do any good if the platform is compromised. Elaborate protections are useless if people who are allowed access are untruthworthy. No matter what you do it always boils down to trustworthiness of the physical implementations and people. Technological tricks simply modify the communication space by shifting vulnerable points around. This is often useful, but by no means can eliminate the need for inherently trusted devices and people at the end points. --vadim PS. As a side note - the "shocking" discovery that ObL's guys didn't really use steganography and other modern tricks much and still have world-wide network which is very hard to compromise or penetrate (all those montains of cool high-tech gagetry NSA has, notwithstanding) is a good illustration: they rely on the "first principle" of building trusted systems - i.e. building the network of personal loyalties and face-to-face communications, instead of fooling with techno fixes. PPS. I'm really really amazed at how people can consider any opaque system truthworthy. Most computer users naively trust their secrets to effectively every one of thousands of Microsoft engineers who can easily plant trapdoors. The same goes for trusting Intel. How hard it is for a CPU designer to plant an obscure bug causing switch to a privileged mode? It is hard _not_ to create trapdoors like that by mistake, even in much simpler designs (check the 30-year old report on Multics security).
Current thread:
- To late to add a Sunday Tutorial, base on MERIT data. Re: Wireless insecurity at NANOG meetings, (continued)
- To late to add a Sunday Tutorial, base on MERIT data. Re: Wireless insecurity at NANOG meetings John M. Brown (Sep 22)
- Re: Wireless insecurity at NANOG meetings John M. Brown (Sep 22)
- Message not available
- Re: Wireless insecurity at NANOG meetings Dave Crocker (Sep 22)
- Re: Wireless insecurity at NANOG meetings John M. Brown (Sep 22)
- Re: Wireless insecurity at NANOG meetings Iljitsch van Beijnum (Sep 22)
- Re: Wireless insecurity at NANOG meetings John M. Brown (Sep 22)
- Re: Wireless insecurity at NANOG meetings William Allen Simpson (Sep 22)
- Re: Wireless insecurity at NANOG meetings Randy Bush (Sep 22)
- Re: Wireless insecurity at NANOG meetings William Allen Simpson (Sep 22)
- Re: Wireless insecurity at NANOG meetings Iljitsch van Beijnum (Sep 22)
- Re: Wireless insecurity at NANOG meetings Vadim Antonov (Sep 23)
- Re: Wireless insecurity at NANOG meetings Kurt Erik Lindqvist (Sep 24)
- Re: Wireless insecurity at NANOG meetings Sean Donelan (Sep 22)
- Re: Wireless insecurity at NANOG meetings John M. Brown (Sep 22)
- Re: Wireless insecurity at NANOG meetings Dave Crocker (Sep 22)
- Re: Wireless insecurity at NANOG meetings alex (Sep 23)
- Re: Wireless insecurity at NANOG meetings Petri Helenius (Sep 23)
- Re: Wireless insecurity at NANOG meetings alex (Sep 23)
- Re: Wireless insecurity at NANOG meetings Simon Lockhart (Sep 23)
- Re: Wireless insecurity at NANOG meetings alex (Sep 23)
- Re: Wireless insecurity at NANOG meetings Richard Welty (Sep 23)