compromised hosts (was Re: Strength in Complexity?)
Perry E. Metzger
perry at piermont.com
Mon Aug 4 15:40:03 EDT 2008
dan at geer.org writes:
> The design space for practical network security
> has always been:
>
> I'm OK
> You're OK
> The Internet is a problem
>
> A gathering storm of compromised machines, now
> variously estimated in the 30-70% range depending
> on with whom you are talking, means that the
> situation is now:
>
> I'm OK, I think
> I have to assume that you are 0wned
> The Internet might make this worse
>
> Put differently, network security has now come
> close to Spaf's famous line about netsec in the
> absence of host security being assured delivery
> of gold bars from a guy living in a cardboard box
> to a guy sleeping on a park bench.
This is indeed a big new problem -- indeed, I'd say that how you deal
with partially trusted people logged on to untrusted equipment is now
the name of the game.
> BTW, it is probably time to turn off your software's
> autoupdate feature.
>
> http://www.infobyte.com.ar/down/isr-evilgrade-Readme.txt
>
> Likely off-topic,
Not entirely. :)
--
Perry E. Metzger perry at piermont.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com