North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: motivating security, was Re: Every incident...

  • From: Edward Lewis
  • Date: Mon Feb 12 10:29:22 2007

At 14:59 +0000 2/12/07, Alexander Harrowell wrote:

The whole logic of modern computing is that everything migrates towards
users. Why shouldn't security? After all, if people didn't let the nasties
in, 'twould be very hard to start a botnet..

Regarding "letting the users in" there was a story on the news while we were meeting in Toronto. A woman put her child in her car while it was warming and then went back into the house "for 10 seconds." A thief jumped in the car, drove a while, crashed and fled the scene, stealing another car (that was also idling) to get away. The TV reports were very sympathetic to the woman and her husband (who was painted a hero for chasing down the suspect to the crash).

A week earlier, in the DC metro area, there was a story about the police ticketing people for letting their cards idle unattended. The reason for the report was awareness of a new enforcement of the law that had been put on the books to stem auto theft in that county. One woman was ticketed having left some small children in the car while she went back into get one more item. The reporter asked "what if someone ran here and just drove off?"

What I found interesting is the differences in the way the car owners were portrayed. It's not a US v. Canada thing, but just a point of view. Similarly, are the people who are running exploitable machines the cause of the problem or victims of those exploiting the machines?

I don't mean to say that the car owners or computer users are free from blame. But holding a sentiment of just blaming users is not helpful. OTOH, if there was something the operators could clearly do to stop this, someone would have suggested it by now. (There are all them laws about snooping traffic, etc.)

I thought I had a conclusion ... but I don't.
Edward Lewis                                                +1-571-434-5468

"Two years ago you said we had 5-7 years, now you are saying 3-5.  What I
need from you is a consistent story..."