Strength in Complexity?
dan at geer.org
dan at geer.org
Mon Aug 4 15:00:45 EDT 2008
With the caveat that I am reading mail in
reverse order (i.e., panic-mode), I do have
to say one thing and it isn't even to mount a
stirring defense of Kerberos, which does not
need defending anyhow...
The design space for practical network security
has always been:
I'm OK
You're OK
The Internet is a problem
A gathering storm of compromised machines, now
variously estimated in the 30-70% range depending
on with whom you are talking, means that the
situation is now:
I'm OK, I think
I have to assume that you are 0wned
The Internet might make this worse
Put differently, network security has now come
close to Spaf's famous line about netsec in the
absence of host security being assured delivery
of gold bars from a guy living in a cardboard box
to a guy sleeping on a park bench.
BTW, it is probably time to turn off your software's
autoupdate feature.
http://www.infobyte.com.ar/down/isr-evilgrade-Readme.txt
Likely off-topic,
--dan
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list