Home page logo
/

nanog logo nanog mailing list archives

Re: The Backhoe: A Real Cyberthreat?
From: Robert E.Seastrom <rs () seastrom com>
Date: Thu, 19 Jan 2006 16:42:57 -0500



Jim Popovitch <jimpop () yahoo com> writes:

Jerry Pasker wrote:
The point is:  What's more damaging?  Being open with the maps to
EVERYONE can see where the problem areas are so they can design
around them? (or chose not to) or pulling the maps, and reports, and
sticking our heads in the sand, and hoping that security through
obscurity works.

Let's look at this from another point of view:  Should we remove all
keylocks from backhoes so that everyone can have access to them?  :-)

This analogy is faulty, but illuminating insofar as it illustrates the
fallacy of putting up low bars to access that don't actually stop
people who're willing to put a little bit of effort into beating it.

Keylocks only work when your threat model is drunk fratboys or bored
teenagers (which is not necessary a disjoint set).  They aren't a
significant part of the threat model for intentional fiber cuts.

Any John Deere dealer will be able to supply you with a key that
operates the vast majority of John Deere equipment of a certain type.
Anyone who can plan ahead enough to order from eBay is in like Flynn.

http://cgi.ebay.com/12-JD-Keys-3-John-Deere-Equipment-Key-Sets-NEW_W0QQitemZ7581349645QQcategoryZ41507QQrdZ1QQcmdZViewItem


I'm all for openness, but sometimes some things only need to be accessed
and used by the professionals that need those things.  I fully trust
that the big network operators, the ones that really really do need
this data, have all the info they need to plan their network
expansions, etc. I don't need to see this data, even though I might
want to.

Then don't look at it.  :)

                                        ---Rob


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]