Given that USENIX finished today, I figured I'd say a few words beyond those already uttered this week. I found two of the "ask-the-experts" sessions to be very informative. Steve Bellovin of AT&T Research Labs and Bill Cheswick of Lumeta gave great talks. Yes, I gave the second edition of their book a three star review. Regardless, their USENIX talks were very helpful. After explaining how Lumeta's IPSonar works, Ches told us of a project called RocketFuel which is mapping the Internet, as Lumeta's most current maps aren't shared anymore due to post-9/11 security concerns. I found Cheswick's patent on "Method and apparatus for tracing packets in a communications network".
Mark Seiden gave a great talk on physical security. He believes digital security is superior to physical security, as physical security is dominated by people who believe obscurity is a legitimate way to achieve security. As a result, only criminals and locksmiths know which systems work, and the public is left vulnerable. Several years a group called Anti Security tried promoting a "closed source" movement. Their web site was down today but you can see an archive. (Incidentally, Matt Blaze's research created a firestorm in the physical security community.) Five years ago, Mark discovered a vulnerability in security systems used in airports, which "could enable terrorists to gain control of the electronic
badges that allow employees with security clearance to enter and
leave restricted areas."
0 komentar:
Posting Komentar