On Jan 15, 2010, at 10:43 AM, Jared Mauch wrote:
On Jan 15, 2010, at 10:37 AM, Jon Lewis wrote:
Does anyone really believe that the use of targeted 0-day exploits to gain unauthorized access to information hasn't been at least considered if not used by spies working for other [than China] countries?
I think only those not paying attention would be left with that impression.
Spying has been done for years on every side of various issues. Build a more complex system, someone will eventually find the weak points.
Personally I was amused at people adding cement to USB ports to mitigate against the "removable media threat". The issue I see is people forget that floppies posed the same threat back in the day.
The reality is that the technology is complex and easily used in asymmetrical ways, either for DDoS or for other purposes.
The game is the same, it's just that some people are paying attention this week. It will soon go back to being harmless background radiation for most of us.
The "difference" this week is motive. In the 1980s-1990s, we had joy-hacking. In the 2000s, we had profit-motivated hacking by criminals. We now have (and have had for a few years) what appears to be nation-state hacking. The differences are in targets and resources available to the attacker.
--Steve Bellovin, http://www.cs.columbia.edu/~smb