From: Fred Cohen <fc@all.net>
To: iwar@yahoogroups.com
Date: Tue, 10 Apr 2001 21:06:47 -0700 (PDT)
Subject: Re: [iwar] Difference between IW and RA and Comp Sec etc
Message-Id: <200104110406.VAA28269@all.net>
In-Reply-To: <4.3.2.7.2.20010410212838.00d25c20@90.0.0.1> from "Ross Stapleton-Gray" at Apr 10, 2001 11:03:59 PM

Per the message sent by Ross Stapleton-Gray:

...
> Reminds me of that military service taxonomy joke...
> When told to secure a building:
> The Marines close assault;
> The Army sandbags the entrances and establishes interlocking fields of fire;
> The Navy turns out the lights and padlocks the doors;
> The Air Force gets a 30-year lease with option to buy.

I love it...

> Firstly, infrastructure in the U.S., while extensive, is quite accessible,
> and often brittle. Every house on my street has got phone, cable, power

It is brittle on a house-by-house basis, but on the whole it seems to do very well. It regularly survives massive storms, foolishness, fires, floods, explosions, infestations, and so forth.

No offense intended, but, while taking down my Internet connection would be a disaster (for me), taking down most of the Internet connections on my block would be mere inconvenience for my neighbors and a boost to my available bandwidth, and I certainly would not feel much effect if yours were taken down. I APOLOGIZE for the personalized humor (word chosen carefully... it is regrettable that I choose my humor in this manner...).

> and water, and, save for the last (which is buried under the street), all
> of that is hanging off the sides of houses, quite openly accessible. For
> the price of a Phillips screwdriver and a handset, I could make phone calls
> from any of my neighbors' phones; patch my AC power into the cable, and
> might be able to fry TVs (and cable modems) all down the street. This all
> works quite well, but only because there's only a tiny amount of
> terrorism/vandalism; in lesser-developed economies, there's a lot more
> resilience to failures (e.g., loss of all hot water to a city block for a
> month, as I found in Moscow in 1986)... it'd be cheap and easy to wreck
> infrastructure in the U.S., and the economy (if only the local ones) would
> feel the effects far more.

A reasonable question might be, how many people with screwdrivers will it take to cause serious harm to the US? I suspect that doing it the way you are talking about will be infeasible for almost any adversary. I think that the real threat lies elsewhere - in people that can come to understand the way infrastructure works and place their screwdrivers in the right set of places to do large-scale harm at small-scale cost. This is a far more complex issue.

> Secondly, I expect we'll see, in an increasingly instrumented world, more
> opportunities for anti-sensor attacks. For example, as a result of the TWA
> 800 accident (presumed, initially, to be likely a terrorist attack), we're
> getting chemical sensors in all of the airports, to scan for bombs...
> problem is that it's quite cheap to cause a false positive, e.g., send a
> kid with a spray can of chemicals in to shpritz a terminal corridor. And,
> as witnessed by the event at O'Hare in 1999
> (http://abcnews.go.com/sections/travel/DailyNews/o'haresecurity990826.html),
> even a false positive can be incredibly disruptive.

Perhaps even more dangerous would be the creation of a series of false positives to increase the detection thresholds so that the real attack is not adequately reacted to. Like I say, it's a complex issue. Chemical sensors are getting much better very quickly, and airport systems are moving toward schemes that are less inconvenient while being more effective. It will not happen instantly, but it will happen, if we continue to follow it up as a national priority.

FC
--
Fred Cohen at Sandia National Laboratories at tel:925-294-2087 fax:925-294-1225
Fred Cohen & Associates: http://all.net - fc@all.net - tel/fax:925-454-0171
Fred Cohen - Practitioner in Residence - The University of New Haven
This communication is confidential to the parties it is intended to serve.
PGP keys: https://all.net/pgpkeys.html - Have a great day!!!

This archive was generated by hypermail 2.1.2 : 2001-06-30 21:44:08 PDT