John Kelsey wrote:
> It's interesting to me that this same kind of issue comes up in voting security, where computerized counting of hand-marked paper ballots (or punched cards) has been and is being replaced with much more user-friendly DREs, where paper poll books are being replaced with electronic ones, etc.
> It's easy to have all your procedures built around the idea that records X and Y come from independent sources, and then have technology undermine that assumption.
> The obvious example of this is rules for recounts and paper record retention which are applied to DREs; the procedures make lots of sense for paper ballots, but no sense at all for DREs.
> I wonder how many other areas of computer and more general security have this same kind of issue.
being slightly perverse ... there is the analogy with the new england net. at one point somebody went to the trouble to get nine(?) 56kbit circuits routed out of the new england area on nine distinct physical trunks (diverse routing, telco provisioning). however, over a period of years, nobody appeared to pay attention as the unique circuits were consolidated to fewer and fewer physical trunks. one day, someplace in conn., the new england net fell victim to a backhoe denial of service attack (and the new england net was partitioned from the rest of the world for a couple of days).
so one might conjecture that the sox approach to the opportunity is to retrofit the complete length of the single physical trunk with a bunker, built to bank vault specifications ... as a countermeasure to the backhoe denial of service attack.

possibly the only "new" real countermeasure in sox is the part about informants ...

recently i was told that the typical sox bill for a small to medium size $25m corporation runs $800k.
misc. past sox references:
http://www.garlic.com/~lynn/2006h.html#58 Sarbanes-Oxley
http://www.garlic.com/~lynn/2006i.html#1 Sarbanes-Oxley
http://www.garlic.com/~lynn/aadsm24.htm#35 Interesting bit of a quote
http://www.garlic.com/~lynn/aadsm24.htm#36 Interesting bit of a quote
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com