nanog mailing list archives

Re: The Backhoe: A Real Cyberthreat?


From: Robert E.Seastrom <rs () seastrom com>
Date: Thu, 19 Jan 2006 16:42:57 -0500



Jim Popovitch <jimpop () yahoo com> writes:

> Jerry Pasker wrote:
>> The point is:  What's more damaging?  Being open with the maps so
>> EVERYONE can see where the problem areas are so they can design
>> around them? (or choose not to) or pulling the maps, and reports, and
>> sticking our heads in the sand, and hoping that security through
>> obscurity works.
>
> Let's look at this from another point of view:  Should we remove all
> keylocks from backhoes so that everyone can have access to them?  :-)

This analogy is faulty, but illuminating insofar as it illustrates the
fallacy of putting up low bars to access that don't actually stop
people who're willing to put a little bit of effort into beating them.

Keylocks only work when your threat model is drunk fratboys or bored
teenagers (which is not necessarily a disjoint set).  They aren't a
significant part of the threat model for intentional fiber cuts.

Any John Deere dealer will be able to supply you with a key that
operates the vast majority of John Deere equipment of a certain type.
Anyone who can plan ahead enough to order from eBay is in like Flynn.

http://cgi.ebay.com/12-JD-Keys-3-John-Deere-Equipment-Key-Sets-NEW_W0QQitemZ7581349645QQcategoryZ41507QQrdZ1QQcmdZViewItem


> I'm all for openness, but sometimes some things only need to be accessed
> and used by the professionals that need those things.  I fully trust
> that the big network operators, the ones that really really do need
> this data, have all the info they need to plan their network
> expansions, etc. I don't need to see this data, even though I might
> want to.

Then don't look at it.  :)

                                        ---Rob

