Once again, a string of articles with no real substance or analysis. Just a few ponts:

?There was no inconvenience or economic loss.?

As a result of this pranksters actions the entire US commercial jet fleet, some 7000 planes, had to be searched by order of the TSA. Direct financial damages from this incident are still being tabulated and will be in the millions of dollars. Indirect damages from delayed flights, decreased passenger confidence and other items are more nebulous to tabulate but will certainly exceed the direct cost of searching the planes.

Perhaps, I should drop by the author's offices and drop the ECIAR virus on a computer. I am sure scanning all of your computer systems for the virus would neither be an inconvenience or financially burdensome. The ECIAR virus poses no threat to your systems, and I am sure the publicity about how someone walked into your office and installed a virus on your systems would be great for business.


?Despite good intent, and even with attention paid, Heatwole will not make security better on the airlines..?

How you arrive at such conclusions is a mystery. Changes are taking place to prevent the recurrence of such an event. How the materials were packaged, especially the clay, is being investigated by the TSA and Homeland Security in an effort to improve detection methods.

In relation to computer security, when researches disclose flaws in computer systems. what happens? Nothing? No typically credible security vulnerabilities are fixed. The aggregate effect of such actions on a continually evolving security model cannot be dismissed so simply. For the most part, your network is more secure this month than it was last month. Why? Perhaps because someone disclosed, either discreetly or fragrantly, a security issue which has been resolved.


[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/194/23420#23420