[121326] in North American Network Operators' Group
Re: Anyone see a game changer here?
daemon@ATHENA.MIT.EDU (Steven Bellovin)
Fri Jan 15 10:55:33 2010
From: Steven Bellovin <smb@cs.columbia.edu>
In-Reply-To: <878BCDA1-59A7-43C2-A219-E6FC58C62364@puck.nether.net>
Date: Fri, 15 Jan 2010 10:52:31 -0500
To: Jared Mauch <jared@puck.nether.net>
Cc: Nanog <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jan 15, 2010, at 10:43 AM, Jared Mauch wrote:
>
> On Jan 15, 2010, at 10:37 AM, Jon Lewis wrote:
>
>> Does anyone really believe that the use of targeted 0-day exploits to gain unauthorized access to information hasn't been at least considered if not used by spies working for other [than China] countries?
>
> I think only those not paying attention would be left with that impression.
>
> Spying has been done for years on every side of various issues. Build a more complex system, someone will eventually find the weak points.
>
> Personally I was amused at people adding cement to USB ports to mitigate against the "removable media threat". The issue I see is people forget that floppies posed the same threat back in the day.
>
> The reality is that the technology is complex and easily used in asymmetrical ways, either for DDoS or for other purposes.
>
> The game is the same, it's just that some people are paying attention this week. It will soon go back to being harmless background radiation for most of us soon.
>
The "difference" this week is motive.
In the 1980s-1990s, we had joy-hacking.
In the 2000s, we had profit-motivated hacking by criminals.
We now have (and have had for a few years) what appears to be nation-state hacking. The differences are in targets and resources available to the attacker.
--Steve Bellovin, http://www.cs.columbia.edu/~smb