[Dshield] The internet -- testing platform, or production environment?

KeithTarrant@spamcop.net KeithTarrant at spamcop.net
Wed Oct 30 21:31:04 GMT 2002


Hi Ed -

In order for me to be safe I need my suppliers and customers to be safe.
Nothing facist about that.  Anything you think you see about ME needing to
be in control is being read into it.  I'm not interested in the police
chief's job, but thanks anyway Ed.  And total control?  Turn left or turn
right, just so long as it isn't likely to cause an accident that's okay.
But turning the wrong way onto a one way street -- that is something we
need laws and penalties on, and having those laws and penalties doesn't
make us a facist police state.

How about the wild west analogy. There were no marshals.  It was lawless
(for europeans).  Should that status quo have remained?

Land use, okay.  Someone has a hog farm.  The city expands.  What happens
to the hog farm?  It can remain and the city fail to grow in that
direction, or it can be moved (the farmer hopefully compensated) to where
its air doesn't contaminate the city.

As far as land use goes though, a better analogy is someone builds a
subdivision.  Then someone builds a hog farm.  Generally malware is newer
than  the products it attacks, and generally scriptkiddies and hackers
have been into computers for a shorter period of time than the makers of
the products they attack.

- Keith
----- Original Message -----
From: "Ed Truitt" <ed.truitt at etee2k.net>
To: <list at dshield.org>
Sent: Wednesday, October 30, 2002 7:57 AM
Subject: Re: [Dshield] The internet -- testing platform, or production
environment?


> While you make some good points, it appears as if you are saying "in
order
> for me to be safe, I must be able to totally control what you can /
cannot
> do" - in effect, turning the Internet from a village governed by a form
of
> anarchy into a fascist police state.  The company I work for has very
> stringent rules for putting anything on their networks - in some cases,
even
> portions of their networks are isolated from others.  What software you
can
> install on a PC is very carefully controlled.  Well, I for one don't
want to
> have to abide by those same policies at home, just so my company (or
yours,
> for that matter) feels a little more comfortable.
>
> I see this whole debate not in terms of a highway, rather in terms of
land
> use.  Someone builds an airport, then a decade later people decide to
build
> houses on the perimeter of the airport, then they decide to sue the
airport
> and control its operations, because those darn airplanes are just too
noisy.
>
> Cheers,
> Ed Truitt
> PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9
> http://www.etee2k.net
> http://www.bsatroop148.org
>
> "Note to spammers:  my 'delete' key is connected to YOUR ISP.
>  Also, if you send me UCE, I reserve the right to post your spew
> on my Web site, with the appropriate color commentary, so that
> others may have a good laugh at your expense."
>
> ----- Original Message -----
> From: <KeithTarrant at spamcop.net>
> To: <list at dshield.org>
> Sent: Tuesday, October 29, 2002 5:59 PM
> Subject: [Dshield] The internet -- testing platform, or production
> environment?
>
>
> > 1.  Academia and ISPs just don't understand the scope of the problem.
The
> > outstanding issue isn't the security of the system I have full control
> > over.
> >
> > In production, you need a safe environment for the sites connecting to
> > you.  In banking, for example, it does no good if my banking system is
> > totally secure if my customer has a trojan keystroke logger.  In B2B,
it
> > does no good if my system is totally secure but my supplier has been
> > cracked.  In retail, as a customer, it does no good if my PC is
totally
> > secure but Land's End's server is wide open.
> >
> > Think about it and you'll see this is your problem too.  For the
systems
> > that are open to them, it is pretty usually true that you are only as
> > secure as the computers your student's and staff have at home.
> >
> [snip]
>
>

2.  Is it an academic right to do what you want on the roads?

Is it academic freedom to be able to test theoretical or test-built
automobile braking systems on freeways?

I think you'll find most engineers, unless they want to argue the
semantics of the wording, will agree that public safety comes first.

Well, in my opinion, the internet is like the public roads.

I say separating unit and system testing from production is proper
professional practice in information technology and electronics
engineering.

However, as with vehicle testing, the internet is suitable for final
testing (beta testing).

3.  It does no good to say that users need to know more about computers.

We have technology with usability much like that of a Model-T Ford's.
Great for tinkerers.  You can go out and buy the physical parts or
download the modules and build your own working computer.  And spend hours
each week keeping it secure and working.

Where we need to go is the usability of automobiles after 1970, where cars
run for months without attention and years without heavy maintenance, and
you don't need to know anything about vehicle maintenance in order to be a
competent driver.





More information about the list mailing list