On Sun, 19 Apr 2009 16:00:08 EDT, Rich Kulawiec said:
> On Thu, Apr 16, 2009 at 12:32:37AM +0000, security curmudgeon wrote:
> > "Popular" products have more published vulnerabilities, that would be
> > pretty easy to argue. May have to qualify "popular" to who though (the
> > researchers/blackhats, or the general public which makes them appealing
> > targets to the bad guys, etc).
>
> Along those lines: one of the canards that I frequently find myself
> defusing is "X is attacked often because it's popular". It may be
> true that X is attacked often, and that X is popular, but that doesn't
> prove a causal relationship between the two. I think it much more
> likely that X is attacked (a) because it's weak or (b) because it's
> perceived to be weak.

Actually, the attacks will be targeted at the product that has the highest product of (weakness)*(profit per break). RSTS/E won't be attacked much, even though it's pretty weak, because there's no money to be made at it. Financial services will be targets, even though they're *hopefully* tough targets, because the profit side is big. And then in the middle, somebody is getting rich hitting consumer systems in the millions at $5-$10 average a pop...
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
