Oct 18 2006
I found this to be very interesting. November's issue of Kiplinger's
has a one page interview with a Mr. Bob Arno of Las Vegas. While his
job has nothing to do with honeypots or information security, there
are some neat similarities. He specializes in learning about
pickpockets and then shares what he learns. I was intrigued by HOW he
learns about the threats.

How do you track down pickpockets?
I stuff my wallet with paper and keep
it in my pants pocket. Then I linger in
prime tourist spots in foreign cities.
Sooner or later, someone steals the wallet,
and I try to steal it back.

Yeah. If I successfully steal the wallet
back -- and I often do -- the thief is
usually willing to share the latest techniques.

Even more interesting is his commentary on why pickpockets are not as
common in the US.

Why don't you study pickpockets in the U.S.?
Pickpockets are rare here because we train our
cops well, we use security cameras and the
consequences are too severe.

If this is truly the case (I know little about this field) what I
find interesting about the solution is that it does not depend on
prevention but enforcement. It comes down to the fact that the risk is
too great. The bad guys have a good chance of getting caught, and if
they do get caught, they will feel some pain. In the world of
information security, there is little chance of being caught or
feeling any pain. Our focus is only on the technology, yet all the
technology in the world will only slow the bad guys down. If there
is no risk, if there is little chance of being identified and
prosecuted, then technology really does not matter. They can simply
keep trying to break in and sooner or later they will succeed. Not
until the threats are concerned about the risk of prosecution will we
start turning the wave.

You can find the article online for free here.



Nov 10 2006
Dave Dittrich


