Full Disclosure mailing list archives
Re: Calcuating Loss
From: Valdis.Kletnieks () vt edu
Date: Tue, 11 May 2004 19:20:37 -0400
On Tue, 11 May 2004 15:02:30 PDT, "Schmidt, Michael R." said:
The consequences need to be severe enough. In order to accomplish that our infrastructure has got to support the basic ability to find people who cause problems. Anonymity is not an option.
You've got this totally ass-backwards. If the network (*INCLUDING* end hosts) was secure enough that we were able to deal with the creators of the zombies, trojaned boxes, and so on, then it would be secure enough that we'd not have a *problem* with black hats having enough zombies and trojaned boxes and so on... The main reason why banks and LEO's can *afford* to spend lots of effort in tracking down people who manage to steal stuff out of bank vaults is because the vaults are tough enough to get *into* that it becomes a low-frequency event that they can handle. On the other hand, in many areas the local LEO isn't able to do much about check fraud at the local businessplace, mostly because the threshold for committing the fraud is much lower, so the frequency goes sky high.
Attachment:
_bin
Description:
Current thread:
- RE: Calcuating Loss Jos Osborne (May 11)
- <Possible follow-ups>
- RE: Calcuating Loss Jos Osborne (May 11)
- Re: Calcuating Loss Valdis . Kletnieks (May 11)
- RE: Calcuating Loss Schmidt, Michael R. (May 11)
- Re: Calcuating Loss Valdis . Kletnieks (May 11)
- Re: Calcuating Loss Alexander Schreiber (May 11)
- RE: Calcuating Loss Schmidt, Michael R. (May 12)
- Re: Calcuating Loss Valdis . Kletnieks (May 12)
- RE: Calcuating Loss Frank Knobbe (May 12)
- RE: Calcuating Loss Gary E. Miller (May 12)
- RE: Calcuating Loss Frank Knobbe (May 12)
- RE: Calcuating Loss Gary E. Miller (May 12)
- RE: Avoiding traceability (was: Calculating Loss) Frank Knobbe (May 12)
- RE: Avoiding traceability (was: Calculating Loss) Ron DuFresne (May 13)
- Re: Calcuating Loss Valdis . Kletnieks (May 13)