Re: Speculation

[dan () geer org]

mmaiffret () inveniosecurity com writes
-+---------------------------------
 | Really it is a sad reminder that the current state of
 | the art when it comes to security and the resiliency
 | of our systems has a lot to do with making sure the
 | good guys only talk about things behind closed doors
 | while hoping that bad guys don't figure things out
 | before we can patch. 
 | 

Two thoughts, one an example of something that
could easily be done and would cause havoc hence,
arguably, I should not write it here; the other
an observation about the constraint space in which
we live.

(1) Some of you will have craftier ideas, but here's
how to take a plane out of the sky, assuming you are
willing to suicidily go with it... Fill an aluminum
walking cane with thermite, put a magnesium strip
in your wallet, and a book of matches in your undies.
Take whatever flight has the longest transoceanic
segment with no place to land and, at the halfway
point, go in the bathroom and light off your cane.
It will burn through the floor and depressurize the
plane forcing a descent to perhaps 8,000 feet where
fuel efficiency falls so low that there will be no
place to make land but plenty of time to radio a
mayday to the world press.

(2) Security and resiliency are at odds and all the
more so if you consider data availability as the top
of the requirements heap.  (100% availability tends
to argue for many disjoint copies while security tends
to want as few copies as are the maximum that can be
decisively controlled from a single point.)


--dan

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave