[Novalug] Security Mindset

Mark Smith mark@winksmith.com
Sat Mar 22 17:13:01 EDT 2008


as schneier points out repeatedly, these "security" measures are
often an identification process.  we don't need an identification
procedure.  we need intent.  the concept is that if they can identify
me, they've found intent, but that's just not true.  for instance,
many of the 9/11 attackers were identified correctly using their
own true identifications cards.

intent can be found by using highly trained guards, the presence
of devices that can only be used for one purpose, etc.  of course,
his business is based on having real people look at data and having
them interpret the data for attacks so it's natural that he pushes
this theme.

another thing he harps all the time is the fragility of the system.
every security system will fail, it's just a matter of how poorly it
fails.  for instance, one guy jumps the turnstile and all of LAX needs
to be shutdown and re-screened is a good example of a horribly fragile
system.


On Sat, Mar 22, 2008 at 09:16:55AM -0400, greg pryzby wrote:
> The entire liquid thing is crazy.

-- 
Mark Smith
mark@winksmith.com
mark@tux.org



More information about the Novalug mailing list