On Thu, May 27, 2010 at 7:23 PM, <Valdis.Kletnieks@vt.edu> wrote:
On Thu, 27 May 2010 10:42:37 PDT, "andrew.wallace" said:
Look at it from an attackers point of view. If you're thinking about carrying out an electronic jihad of some kind when is the best time? A normal working day or during an engineers strike that only happens once every 23 years?
A co-worker of mine was asked by somebody high in the US government in late 1999 if he was worried about attackers trying to pull something on New Year's. Randy thought for a moment, and said "Hell no. There's going to be 3 zillion engineers and programmers watching for any minor hiccup that day. The time to pull something would be late January, when everybody's relaxed and stopped worrying".
The room got very quiet... :)
Are you *still* using the same threat models as you were 11 years ago? -- Andrew http://sites.google.com/site/n3td3v/