Security Basics mailing list archives
Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security."
From: "Saqib Ali" <docbook.xml () gmail com>
Date: Wed, 17 May 2006 06:25:10 -0700
Security has to be correct 100% of the time. One omission can lead to an
I don't disagree with you. However aboslute security requires absolute non-existence of the information. For e.g. You can have IPS, IDS, DRM, TPM, AV, Firewall etc on your netowork, but as soon as somebody prints out that confidential document and tosses it in a garbage can, you security goes with it. Another e.g.: Everyone knows that one-time pad provides the "perfect secrecy". But then how did the British intercept the Soviet communications???? Soviet re-used the OTP, which allowed for statistical analysis and/or pattern matching. Re-using seemed pretty harmless at that time, but in retrospect it was a big mistake. Isn't everything in retrospect a mistake? Security has 3 core priciples Confidentiality(non-disclosure), Integrity, Availability(non-destruction). In in way Confidentiality is inversely propotional to Availability (i think). By making something available you are increasing the chances of its disclosure. So in theory 100% security is not possible. -- Saqib Ali, CISSP, ISSAP Support http://www.capital-punishment.net ----------- "I fear, if I rebel against my Lord, the retribution of an Awful Day (The Day of Resurrection)" Al-Quran 6:15 -----------
Current thread:
- Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Bob Radvanovsky (May 12)
- Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Saqib Ali (May 15)
- Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Jason Muskat (May 17)
- Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Saqib Ali (May 17)
- Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Jason Muskat (May 20)
- Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Stephen John Smoogen (May 20)
- Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Jason Muskat (May 23)
- RE: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Angela and Donald (May 24)
- Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Jason Muskat (May 24)
- Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Jason Muskat (May 17)
- Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Saqib Ali (May 15)
- <Possible follow-ups>
- Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Bob Radvanovsky (May 23)