Network utility.

[Dave Aitel <dave () immunityinc com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

When your utilities rely on your network, your network becomes a
utility. That's my take-away from the S4 SCADA conference.
 One of the talks was on California setting up the ability to turn off
everyone's air conditioners when they start having power problems via
a radio signal. Then it started talking about building mesh networks
between your house and your neighbor's house and eventually going back
to the utility company itself. To save money they were going to have
signing, but not encryption. Very odd stuff. Everyone loves to know
about their neighbor's thermostat, right?

Likewise, since control system networks are described as "quieter than
a mouse walking on cotton" there's an opening for anomaly based IDS to
succeed as a niche product since it's essentially failed in the wider
marketplace. If you do it right, you can hook it up with all sorts of
real world events:
   o Face Recognition: I see Bob's face which means activity from
Bob's console is normal
   o Moon phases: Large rain + moon phase = flooding gate opening is
normal
   o etc

Also, Steve Lipner doesn't read XKCD on a regular basis! I'm still
working my way through his book, so here's my question of the day for
the Microsoft SDL people.


S3+C
______________________________

How does "Secure By Default" contradict "Secure In Deployment"? :>

- -dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHo2lIB8JNm+PA+iURAkK8AJ0UBgVegofF8aI9OV/Twipy/awFxACeNPFQ
BfoSlzvgoRO7zEctwu+Ozwk=
=Spec
-----END PGP SIGNATURE-----

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave