nanog mailing list archives
RE: update
From: "Keith Medcalf" <kmedcalf () dessus com>
Date: Fri, 26 Sep 2014 21:11:54 -0600
On Friday, 26 September, 2014 08:37,Jim Gettys <jg () freedesktop org> said:
For those of you who want to understand more about the situation we're all in, go look at my talk at the Berkman Center, and read the articles linked from there by Bruce Schneier and Dan Geer.
http://cyber.law.harvard.edu/events/luncheon/2014/06/gettys
Unfortunately, that page contains near the top the ludicrous and impossible assertion: ""Familiarity Breeds Contempt: The Honeymoon Effect and the Role of Legacy Code in Zero-Day Vulnerabilities", by Clark, Fry, Blaze and Smith makes clear that ignoring these devices is foolhardy; unmaintained systems become more vulnerable, with time." It is impossible for unchanged/unmaintained systems to develop more vulnerabilities with time. Perhaps what these folks mean is that "vulnerabilities which existed from the time the system was first developed become more well known over time". The fact that the folks in the next building can peep at your privates through the bedroom window on which you did not install blinds does not mean that the vulnerability only exists from the time it is published in the local tabloid -- it existed all along -- it did not "magically" come into existence at some point after the building was built, the window installed, and you moved in without putting up windows blinds. The fact that you did not become aware of it until you saw a photograph of yourself doing unmentionable things only serves as the point in time at which you became aware of your failure to properly assess the posture of the system in the first place.
Jim Gettys
Current thread:
- Re: update, (continued)
- Re: update William Herrin (Sep 24)
- Re: update Jim Popovitch (Sep 24)
- Re: update William Herrin (Sep 24)
- Re: update Jim Popovitch (Sep 24)
- Re: update Mikael Abrahamsson (Sep 24)
- Re: update Will Yardley (Sep 24)
- Re: update Jimmy Hess (Sep 24)
- Re: update William Herrin (Sep 24)
- Re: update Jimmy Hess (Sep 24)
- Re: update Jim Gettys (Sep 26)
- RE: update Keith Medcalf (Sep 26)
- Re: update Jay Ashworth (Sep 27)
- Re: update Jimmy Hess (Sep 27)
- RE: update Keith Medcalf (Sep 27)
- Re: update Kenneth Finnegan (Sep 28)
- RE: update Keith Medcalf (Sep 27)
- Re: update Valdis . Kletnieks (Sep 28)
- RE: update Keith Medcalf (Sep 27)
- Re: update Valdis . Kletnieks (Sep 27)
- RE: update Keith Medcalf (Sep 27)
- Re: update Jimmy Hess (Sep 28)