[129772] in cryptography@c2.net mail archive
compromised hosts (was Re: Strength in Complexity?)
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Mon Aug 4 17:47:23 2008
To: dan@geer.org
Cc: Cryptography <cryptography@metzdowd.com>
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 04 Aug 2008 15:40:03 -0400
In-Reply-To: <20080804190045.C37BF33D80@absinthe.tinho.net> (dan@geer.org's message of "Mon\, 04 Aug 2008 15\:00\:45 -0400")

dan@geer.org writes:
> The design space for practical network security
> has always been:
>
> I'm OK
> You're OK
> The Internet is a problem
>
> A gathering storm of compromised machines, now
> variously estimated in the 30-70% range depending
> on with whom you are talking, means that the
> situation is now:
>
> I'm OK, I think
> I have to assume that you are 0wned
> The Internet might make this worse
>
> Put differently, network security has now come
> close to Spaf's famous line about netsec in the
> absence of host security being assured delivery
> of gold bars from a guy living in a cardboard box
> to a guy sleeping on a park bench.

This is indeed a big new problem -- indeed, I'd say that how you deal
with partially trusted people logged on to untrusted equipment is now
the name of the game.

> BTW, it is probably time to turn off your software's
> autoupdate feature.
>
> http://www.infobyte.com.ar/down/isr-evilgrade-Readme.txt
>
> Likely off-topic,

Not entirely. :)

--
Perry E. Metzger perry@piermont.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com