Re: update

[William Herrin <bill () herrin us>]

On Fri, Sep 26, 2014 at 11:11 PM, Keith Medcalf <kmedcalf () dessus com> wrote:
> On Friday, 26 September, 2014 08:37,Jim Gettys <jg () freedesktop org> said:
> > http://cyber.law.harvard.edu/events/luncheon/2014/06/gettys
>
> ""Familiarity Breeds Contempt: The Honeymoon Effect and the Role of Legacy
> Code in Zero-Day Vulnerabilities",  by Clark, Fry, Blaze and Smith makes clear
> that ignoring these devices is foolhardy; unmaintained systems become more
> vulnerable, with time."
>
> It is impossible for unchanged/unmaintained systems to develop more
> vulnerabilities with time.  Perhaps what these folks mean is that
> "vulnerabilities which existed from the time the system was first
> developed become more well known over time".

Keith,

Any statement can be made foolish if you tweak the words a little.
They said, "Unmaintained systems become more vulnerable with time," a
reasonable and possibly correct claim. You paraphrased it as,
"unmaintained systems develop more
vulnerabilities with time," which is, of course, absurd.

The vulnerabilities were there the whole time, but the progression of
discovery and dissemination of knowledge about those vulnerabilities
makes the systems more vulnerable. The systems are more vulnerable
because the rest of the world has learned more about how those systems
may be successfully attacked.

Regards,
Bill Herrin



-- 
William Herrin ................ herrin () dirtside com  bill () herrin us
Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
May I solve your unusual networking challenges?