Return-Path: <sentto-279987-1653-998942203-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Mon, 27 Aug 2001 12:58:11 -0700 (PDT) Received: (qmail 25471 invoked by uid 510); 27 Aug 2001 19:56:50 -0000 Received: from n20.groups.yahoo.com (216.115.96.70) by 204.181.12.215 with SMTP; 27 Aug 2001 19:56:49 -0000 X-eGroups-Return: sentto-279987-1653-998942203-fc=all.net@returns.onelist.com Received: from [10.1.4.52] by c9.egroups.com with NNFMP; 27 Aug 2001 19:56:45 -0000 X-Sender: fc@big.all.net X-Apparently-To: iwar@yahoogroups.com Received: (EGP: mail-7_3_2); 27 Aug 2001 19:56:41 -0000 Received: (qmail 94139 invoked from network); 27 Aug 2001 19:39:03 -0000 Received: from unknown (10.1.10.142) by m8.onelist.org with QMQP; 27 Aug 2001 19:39:03 -0000 Received: from unknown (HELO big.all.net) (65.0.156.78) by mta3 with SMTP; 27 Aug 2001 19:39:03 -0000 Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id MAA07210 for iwar@yahoogroups.com; Mon, 27 Aug 2001 12:38:54 -0700 Message-Id: <200108271938.MAA07210@big.all.net> To: iwar@yahoogroups.com In-Reply-To: <9me60j+r9pm@eGroups.com> from "ellisd@cs.ucsb.edu" at Aug 27, 2001 07:11:15 PM Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL1] From: Fred Cohen <fc@all.net> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Mon, 27 Aug 2001 12:38:54 -0700 (PDT) Reply-To: iwar@yahoogroups.com Subject: [iwar] More complete approaches Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit ... > Given the fact that an attack is sinister, is it necessarily complex? > I would suggest no. It may exploit complexities. It may require a > great deal of understanding and domain knowledge, but the attack > itself may be relatively simple. Just because a diamond cutter has a > high degree of domain knowledge and the diamond itself is a complex > structure does not mean that the hammer and pick need to also be > complex. (Maybe this is a bad analogy, and if you think so, I am sure > you will let me know.:) ... > I admit that my historical experience is limited. I just thought > about what damage I personally could do and how I would do it. I don't claim to have an exclusive on knowledge or good ideas. It's just that I have looked at it in some depth to come to my conclusions. That doesn't make them more valid - although it probably makes them more likely to be accurate. Perhaps you could share with us a notion of what sorts of things you contemplated so we can understand your perspective better? ... > historical survey or a creative approach that simply attempts to > answer the question "what is possible?"? I am guessing you would > prefer the latter. I prefer details which I can then use to make judgements. What do you think is possible and how? That's the only real way I have found to get to the bottom of any issue. Get to the details and see how they pan out. It would also probably be interesting to other readers to get a sense of what you think is possible and how you might do it. Obviously don't reveal anything you believe to be confidential property of anyone other than yourself... FC --This communication is confidential to the parties it is intended to serve-- Fred Cohen Fred Cohen & Associates.........tel/fax:925-454-0171 fc@all.net The University of New Haven.....http://www.unhca.com/ http://all.net/ Sandia National Laboratories....tel:925-294-2087 ------------------------ Yahoo! Groups Sponsor ---------------------~--> Secure your servers with 128-bit SSL encryption! Grab your copy of VeriSign's FREE Guide, "Securing Your Web site for Business" and learn all about serious security. Get it Now! http://us.click.yahoo.com/aihfLB/oT7CAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:40 PDT