Frackin script kiddies!!
Dan Ritter
dsr-mzpnVDyJpH4k7aNtvndDlA at public.gmane.org
Thu Aug 5 00:00:59 EDT 2010
On Wed, Aug 04, 2010 at 09:51:44PM -0500, Derek Martin wrote:
> On Wed, Aug 04, 2010 at 06:26:40PM -0400, Dan Ritter wrote:
> > To my personal knowledge, a MITM attack has happened at a major
> > Boston-area company within the last twenty years. It is
> > unreasonable to think that this was the sole incident.
>
> But, to your knowledge, one case occured. In twenty years. I'd say
> that qualifies as "extremely unlikely" -- wouldn't you?
No, I'd say that's a single data point indicating that it does
in fact occur. Trying to extrapolate any frequency from that
other than "unlikely to be unique" is silly.
> > It's not common, but it can happen.
>
> Based on the frequency with which it occurs (pretty rare), do you
> think it's worth Jarod's time to jump through hoops to guard against
> one?
Possibly.
> To guard his MythTV box?
I don't think he values it that highly, so no.
Security has costs. It may be the case that protecting against
MITM attacks will also protect against enough other non-DOS
attacks, and cost little enough in relation to the overall
benefits, that Jarod should invest in it. Saying so without a
threat model, asset value estimate and cost estimate is, again,
silly.
-dsr-
--
http://tao.merseine.nu/~dsr/eula.html is hereby incorporated by reference.
You can't defend freedom by getting rid of it.
More information about the Discuss
mailing list