> To enter the vaults inside the windowless bunker-like compound
> requires punching in key codes and slipping your fingers into a series
> of scanners similar to those used at the U.S. Navy's nuclear
> facilities.
> ...
> Consider
> the recent attacks that crippled Microsoft Corp.'s Web sites by
> flooding them with false requests for information. Or the hackers who
> may have gained access to credit card information at Egghead.com, an
> online computer-shopping site.
> ...
> Wrought-iron fences that can withstand 50,000 pounds of force -- like
> that produced by a fast-moving car -- enclose the company's
> steel-lined building, set back 200 feet from the street and patrolled
> by armed guards.
Oh give me a break.
Since when can fingerprint scanners and wrought-iron fences stop an
ICMP packet flood, or prevent someone exploiting a remote
vulnerability and extracting a credit card database? How many web
page defacements mirroed on attrition.org would have been stopped by a
200 foot setback and armed guards? (Hint - ZERO!) Physical security
is important, but if you're going to spend a ton of cash, I think
you're better off spending it on security-saavy programmers and system
administrators.
Too bad reality doesn't make for good lead paragraphs.
--
Dave Dittrich Computing & Communications
dittrich@cac.washington.edu Client Services
http://staff.washington.edu/dittrich University of Washington
PGP key http://staff.washington.edu/dittrich/pgpkey.txt
Fingerprint FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5
ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV@SecurityFocus.com with a message body of
"SIGNOFF ISN".
Received on Tue Feb 6 02:32 CST 2001