Re: 'I told you so...'

[Valdis.Kletnieks () vt edu]

On Thu, 13 Mar 2008 01:05:19 EDT, David Kennedy CISSP said:

> > > > >
> “The risks to patients now are very low, but I worry that they
> could increase in the future,

> Give the man a tinfoil hat.  Good for asteroids too.  Odds at
> the moment seem comparable.  Please excuse me a moment while I
> go get a Powerball ticket.  At least I know Powerball will
> definitely payoff for somebody, some day.
>
> > > > >
> The experiment required more than $30,000 worth of lab equipment

That's what they said about the "you can't read this passport RFID chip from
more than a few inches away" - until somebody demonstrated a fairly cheap and
effective attack from 30+ feet away.

The good doctor is correct in recognizing that attacks only improve, they
never get worse.

> Would someone please explain the difference between a
> vulnerability, a threat, a risk and a conflict of interest to
> the good doctors.

Has it occured to you that *maybe* the good doctors already recognize what
vulnerabilities, threats, and risks the #1 company and designed into their
product, and that's why the #2 company designed in countermeasures?

Or are you saying that if IE is found to have a flaw, and the guys at
Mozilla say "We saw that coming and Firefox works around that", that it's
a conflict of interest for them to say so?

Attachment: _bin
Description:

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.