Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Frackin script kiddies!!



On Wed, Aug 04, 2010 at 09:51:44PM -0500, Derek Martin wrote:
> On Wed, Aug 04, 2010 at 06:26:40PM -0400, Dan Ritter wrote:
> > To my personal knowledge, a MITM attack has happened at a major
> > Boston-area company within the last twenty years. It is
> > unreasonable to think that this was the sole incident.
> 
> But, to your knowledge, one case occured.  In twenty years.  I'd say
> that qualifies as "extremely unlikely" -- wouldn't you?


No, I'd say that's a single data point indicating that it does
in fact occur. Trying to extrapolate any frequency from that
other than "unlikely to be unique" is silly.


> > It's not common, but it can happen.
> 
> Based on the frequency with which it occurs (pretty rare), do you
> think it's worth Jarod's time to jump through hoops to guard against
> one? 

Possibly.

> To guard his MythTV box? 

I don't think he values it that highly, so no.

Security has costs. It may be the case that protecting against
MITM attacks will also protect against enough other non-DOS
attacks, and cost little enough in relation to the overall
benefits, that Jarod should invest in it. Saying so without a
threat model, asset value estimate and cost estimate is, again,
silly.

-dsr-

-- 
http://tao.merseine.nu/~dsr/eula.html is hereby incorporated by reference.
You can't defend freedom by getting rid of it.






BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org