[AusNOG] RISK - IT Industry - Concern Over Equipment Being Installed in Data Centre Facilities

Mark Delany g2x at juliet.emu.st
Mon Sep 26 12:15:01 EST 2016


On 26Sep16, Karl Auer allegedly wrote:
> Sam Silvester wrote:
> > Skeeve Stevens wrote:
> > > But... I don't think we should theorise in an open forum giving
> > > anyone ideas on how you could abuse this situation.
> > > I'd even scrub the archives of this if possible.
> 
> > I always find it strange when people put forward advice like this.
> 
> So do I.
> 
> The idea that "if the good people don't mention it, the bad people
> won't think of it" is a thoroughly discredited approach. Why?

Security thru obscurity?

The other wrong assumption is that bad guys aren't as smart as good
guys.

I guess it's possible that the smartest good guy is smarter than the
smartest bad guy, but are the vast majority of unwashed masses on this
list smarter than the smartest bad guy? Unlikely.

The net result of self-censorship is to leave the unwashed masses
vulnerable to smarter bad guys who have no qualms about sharing or
selling vulnerabilities.

I put myself in the unwashed masses class, as many of my "above and
beyond" security responses have been as a consequence of learning
about a vulnerability second-hand and scrambling to see whether my
systems are vulnerable. An information lock-down would greatly
diminish my ability to respond in a timely manner.


Mark.

