2003-10-27
Whether it's a student slipping contraband past airport metal detectors, or a researcher modeling an unstoppable computer virus -- demonstrations just don't do justice to the real state of security.

[Pretty Good at Gettin' By
by a security expert for the fbi
Oct 30 2003 3:44PM
Once again, a string of articles with no real substance or analysis. Just a few points:
"There was no inconvenience or economic loss."
As a result of this prankster's actions the entire US commercial jet fleet, some 7000 planes, had to be searched by order of the TSA. Direct financial damages from this incident are still being tabulated and will be in the millions of dollars. Indirect damages from delayed flights, decreased passenger confidence and other items are more nebulous to tabulate but will certainly exceed the direct cost of searching the planes.
]
The hole was there. The planes should have been searched to start with. He just showed them that they needed to do it. This is like saying when someone goes to the bank and says... hey, you left the vault door open, he's costing the bank money. He's not... he's just merely informing them that they're already wasting money.
Truth is, should these passengers be confident in an airline that can't keep a college student from sneaking razor blades on, let alone a terrorist?
[Perhaps, I should drop by the author's offices and drop the ECIAR virus on a computer. I am sure scanning all of your computer systems for the virus would neither be an inconvenience nor financially burdensome. The ECIAR virus poses no threat to your systems, and I am sure the publicity about how someone walked into your office and installed a virus on your systems would be great for business.
]
If you can get in, the problem is already there. The machines should be treated as compromised already. Again, you are just a symptom of the problem, not the problem itself.
[
"Despite good intent, and even with attention paid, Heatwole will not make security better on the airlines.."
How you arrive at such conclusions is a mystery. Changes are taking place to prevent the recurrence of such an event. How the materials were packaged, especially the clay, is being investigated by the TSA and Homeland Security in an effort to improve detection methods.
In relation to computer security, when researchers disclose flaws in computer systems, what happens? Nothing? No, typically credible security vulnerabilities are fixed. The aggregate effect of such actions on a continually evolving security model cannot be dismissed so simply. For the most part, your network is more secure this month than it was last month. Why? Perhaps because someone disclosed, either discreetly or flagrantly, a security issue which has been resolved.
]
Totally agree. Full disclosure helps everyone because it forces people to either, A) fix the problem, or B) get burned, and no one wants to get burned.