Dailydave mailing list archives
Re: The paradox of our security measures
From: Parity <pty.err () gmail com>
Date: Mon, 2 Jun 2008 09:18:56 -0700
Nah, no paradox here. Even among security pros, there's a certain obliviousness to the fact that the term "security" is overloaded. Sometimes we mean security-as-in-*controls* (A/V, IDS, content filtering, etc.) and sometimes we mean security-as-in-*assurance* (the result of practices that yield things like qmail instead of sendmail, or maybe SQL Server 2005 instead of SQL Server 2000.)

Put another way, security assurance is what the business pays for, and security controls are what it gets.

pty

On Fri, May 30, 2008 at 2:59 PM, Dave Aitel <dave.aitel2 () gmail com> wrote:
I like the smaller security conferences better. Big conferences are like weddings - just enough time to remind people you're still alive and pass along a phone number or email address. There's usually less media glare and so speakers can avoid the prostrations necessary to avoid painful PR battles and just get straight to the technical facts. For example, one of the speakers demonstrated 4 different vulnerabilities in various anti-virus products. It was just part of the talk, not meant as publicity whoring.

One thing I liked as well was Thomas Lim's introductions which provided a context to the talks. Recently the Hong Kong police have had confidential information leakage via a P2P program called "Foxy", for example. Likewise the Beijing Olympic tickets are going to have RFID chips with everyone's name and address, passport number, picture, birthday, and anything else an identity thief would want. It's a great way to build up a huge database, I guess, but based on Adam Laurie's excellent talk, anyone 60 feet around you can just pick that information right out of the air.

Like Anti-Virus and IDS, RFID is another cool example of how adding a security measure ends up reducing your security.

-dave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- The paradox of our security measures Dave Aitel (May 30)
- Re: The paradox of our security measures Parity (Jun 04)
- Re: The paradox of our security measures I)ruid (Jun 04)