This is actually a good point. We trust in SSL, etc, PKI in general.
This has always been an arms race, this latest Apache “OptionsBleed” for example. Seriously, who would have guessed a .htaccess typo can cause a memory leak showing bits and pieces of memory to anyone. RE: the restaurant analogy, if the supplier gives you food with maggots in it, is that now your fault in the Govt’s eye? You sold the dish with maggots, here’s a bill. Same, Apache has a bug, you got hacked because of it. You get the fine? Can we forward that fine to Apache? Is it really their fault? Let’s not even mention Windows.. in general. Because you use these products.. are you, “shonky”? I know it is more nuisance than this, I just found Mark’s comment pertinent. Regards, Burt Mascareigne Mobile 0414 450 962 Office (02) 9965 5422 Address Level 19, 1 O’Connell Street, Sydney NSW 2000 Web http://www.stormnetwork.com.au<http://www.stormnetwork.com.au/> From: AusNOG [mailto:[email protected]] On Behalf Of Mark Smith Sent: Tuesday, 19 September 2017 6:34 PM To: Paul Wilkins <[email protected]> Cc: <[email protected]> <[email protected]> Subject: Re: [AusNOG] Telecommunications Sector Security Reforms On 19 Sep. 2017 5:36 pm, "Paul Wilkins" <[email protected]<mailto:[email protected]>> wrote: "you just have to try your best" goes only as far as the provider's internal network and systems. There's no provision for protection of the data plane or services delivered to third parties. Yes there is, and most of it is around 20 years old c.f. HTTPS/SSL/TLS/IPsec. Kind regards Paul Wilkins On 19 September 2017 at 17:25, Eric Pinkerton <[email protected]<mailto:[email protected]>> wrote: >The State/Taxpayer has never once picked up the bill for a network security >incident. The bill for these things is mostly paid for by the blood sweat and tears of those affected. Anyone who had had their identity stolen for example will tell you just how painful and costly it is. Regardless the language of this law is pretty woolly, you just have to try your best, and if you get caught doing something shonky you well get asked to stop. It's not much different to a restaurant with poor hygiene standards getting fined for making people sick IMHO. Sent from my iPhone > On 19 Sep 2017, at 5:02 pm, Mark Newton > <[email protected]<mailto:[email protected]>> wrote: > > The State/Taxpayer has never once picked up the bill for a network security > incident. _______________________________________________ AusNOG mailing list [email protected]<mailto:[email protected]> http://lists.ausnog.net/mailman/listinfo/ausnog
_______________________________________________ AusNOG mailing list [email protected] http://lists.ausnog.net/mailman/listinfo/ausnog
