On Wed, Jun 18, 2008 at 11:08:17PM +0200, Zacheusz Siedlecki wrote:
> I think it's not about details. It's about statistic and probality of
> intrusion (Bruce is god at maths). It's difficult to strike a good
> balance between security and usability of system. Bruce found it for
> his home network. Attack on desktop from Internet is more probable
> than script-kiddie-wardriver in neighborhood so it's not worth a
> thing. Ithink it's about ideology also (Linux vs Windows, close vs
> open).

Sure, statistically, the average person isn't likely to have someone
attack their wireless network like that, but if there's something
unusual about the target (e.g. you're very well known in the security
community and have essentially dared people to compromise your network),
the usual threat/risk calculations will need to be adjusted.

I fully expect to read another news article at some point in the
future about Schneier ending up talking to the police about having
his network compromised because he's just advertised to the world that
he has not even bothered to taken trivial steps to secure it.

There's an argument that could be made that by leaving the network
unprotected, he has plausible deniability if illegal acts are made
from his network connection, but that hasn't been tested in court
as far as I know, and I'd rather not be a test case for such things.

[ reply ]