[88076] in North American Network Operators' Group


Re: The Backhoe: A Real Cyberthreat?

daemon@ATHENA.MIT.EDU (Robert E.Seastrom)
Thu Jan 19 16:43:27 2006

To: Jim Popovitch <jimpop@yahoo.com>
Cc: nanog@merit.edu
From: Robert E.Seastrom <rs@seastrom.com>
Date: Thu, 19 Jan 2006 16:42:57 -0500
In-Reply-To: <43CFFB33.8070309@yahoo.com> (Jim Popovitch's message of "Thu,
 19 Jan 2006 15:48:51 -0500")
Errors-To: owner-nanog@merit.edu



Jim Popovitch <jimpop@yahoo.com> writes:

> Jerry Pasker wrote:
>> The point is:  What's more damaging?  Being open with the maps so
>> EVERYONE can see where the problem areas are so they can design
>> around them? (or choose not to) or pulling the maps, and reports, and
>> sticking our heads in the sand, and hoping that security through
>> obscurity works.
>
> Let's look at this from another point of view:  Should we remove all
> keylocks from backhoes so that everyone can have access to them?  :-)

This analogy is faulty, but illuminating insofar as it illustrates the
fallacy of putting up low bars to access that don't actually stop
people who're willing to put a little bit of effort into beating them.

Keylocks only work when your threat model is drunk fratboys or bored
teenagers (which is not necessarily a disjoint set).  They aren't a
significant part of the threat model for intentional fiber cuts.

Any John Deere dealer will be able to supply you with a key that
operates the vast majority of John Deere equipment of a certain type.
Anyone who can plan ahead enough to order from eBay is in like Flynn.

http://cgi.ebay.com/12-JD-Keys-3-John-Deere-Equipment-Key-Sets-NEW_W0QQitemZ7581349645QQcategoryZ41507QQrdZ1QQcmdZViewItem


> I'm all for openness, but sometimes some things only need to be accessed
> and used by the professionals that need those things.  I fully trust
> that the big network operators, the ones that really really do need
> this data, have all the info they need to plan their network
> expansions, etc. I don't need to see this data, even though I might
> want to.

Then don't look at it.  :)

                                        ---Rob

