Full Disclosure mailing list archives
Re[2]: Response to comments on Security and Obscurity
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Wed, 1 Sep 2004 21:33:55 +0400
Dear Peter Swire,

--Wednesday, September 1, 2004, 7:27:17 PM, you wrote to bkfsec () sdf lonestar org:

PS> Dave Aitel also criticizes analogies of computer and physical security. Is
PS> that topic strictly off-limits for discussion? Yes, sometimes information
PS> can be copied but chairs cannot. Does that change everything about
PS> security? The paper proposes explanations for why computer and physical
PS> security are often different, because computer security often features a
PS> high number of attacks, learning by attackers from each attack, and
PS> communication among attackers. At the same time, some physical situations
PS> have those same features. Where is the flaw in that analysis?

As far as my poor English allows me to understand Dave correctly criticises analogies between informational theory and physical world, not between physical and information security.

In your case the analogy is really poor. I can break my own ass by falling into the pit, and I will never have another one. In the informational world (like in any business) all I risk is not more than money.

But in the case of your quotation, you have a lot of mistakes because of misunderstanding the real world. It's really impossible to show your mistake because at least this part of your paper is one large mistake.

Currently, a situation where someone breaks a program's protection to put a virus into it is really strange and probably is taken from Hollywood. There are crackers (not hackers, it's a different term) who break program protection for illegal copying. Yes, they are criminals. But I see no relation between breaking a program's copy protection mechanism and informational security, like (OK, you wanted analogies) there is no relation between VHS tape copy protection (there are some techniques used by film distribution companies to prevent illegal copying) and physical security.

The situation in your analogy also came from Hollywood: a cracker buying a new copy of the program after a trap catches debugging. Unlike the real world, in a computer there is always a chance to roll back, and to try to break the protection again and again on the same copy of the program. You're trying to compare a real situation from the physical world with something impossible from the informational world. How can someone who understands it see any analogy?

--
~/ZARAZA
Even if you do receive a letter, you still won't be able to read it. (Twain)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html