On Jan 15, 2010, at 10:43 AM, Jared Mauch wrote:

>
> On Jan 15, 2010, at 10:37 AM, Jon Lewis wrote:
>
>> Does anyone really believe that the use of targeted 0-day exploits to gain
>> unauthorized access to information hasn't been at least considered if not
>> used by spies working for other [than China] countries?
>
> I think only those not paying attention would be left with that impression.
>
> Spying has been done for years on every side of various issues. Build a more
> complex system, someone will eventually find the weak points.
>
> Personally I was amused at people adding cement to USB ports to mitigate
> against the "removable media threat". The issue I see is people forget that
> floppies posed the same threat back in the day.
>
> The reality is that the technology is complex and easily used in asymmetrical
> ways, either for DDoS or for other purposes.
>
> The game is the same, it's just that some people are paying attention this
> week. It will soon go back to being harmless background radiation for most
> of us soon.
>

The "difference" this week is motive. In the 1980s-1990s, we had joy-hacking. In the 2000s, we had profit-motivated hacking by criminals. We now have (and have had for a few years) what appears to be nation-state hacking. The differences are in targets and resources available to the attacker.

--Steve Bellovin, http://www.cs.columbia.edu/~smb