[Dailydave] The paradox of our security measures

Parity pty.err at gmail.com
Mon Jun 2 12:18:56 EDT 2008


Nah, no paradox here.

Even among security pros, there's a certain obliviousness to the fact that
the term "security" is overloaded.  Sometimes we mean
security-as-in-*controls* (A/V, IDS, content filtering, etc.) and sometimes
we mean security-as-in-*assurance* (the result of practices that yield
things like qmail instead of sendmail, or maybe SQL Server 2005 instead of
SQL Server 2000.)

Put another way, security assurance is what the business pays for, and
security controls are what it gets.

pty

On Fri, May 30, 2008 at 2:59 PM, Dave Aitel <dave.aitel2 at gmail.com> wrote:

> I like the smaller security conferences better. Big conferences are like
> weddings - just enough time to remind people you're still alive and pass
> along a phone number or email address. There's usually less media glare and
> so speakers can avoid the prostrations necessary to avoid painful PR battles
> and just get straight to the technical facts. For example, one of the
> speakers demonstrated 4 different vulnerabilities in various anti-virus
> products. It was just part of the talk, not meant as publicity whoring.
>
> One thing I liked as well was Thomas Lim's introductions which provided a
> context to the talks. Recently the Hong Kong police have had confidential
> information leakage via a P2P program called "Foxy", for example. Likewise
> the Beijing Olympic tickets are going to have RFID chips with everyone's
> name and address, passport number, picture, birthday, and anything else an
> identity thief would want. It's a great way to build up a huge database, I
> guess, but based on Adam Laurie's excellent talk, anyone 60 feet around you
> can just pick that information right out of the air. Like Anti-Virus and
> IDS, RFID is another cool example of how adding a security measure ends up
> reducing your security.
>
> -dave