On Tue, 11 May 2004 15:02:30 PDT, "Schmidt, Michael R." said: > The consequences need to be severe enough. In order to accomplish that our > infrastructure has got to support the basic ability to find people who cause > problems. Anonymity is not an option. You've got this totally ass-backwards. If the network (*INCLUDING* end hosts) was secure enough that we were able to deal with the creators of the zombies, trojaned boxes, and so on, then it would be secure enough that we'd not have a *problem* with black hats having enough zombies and trojaned boxes and so on... The main reason why banks and LEO's can *afford* to spend lots of effort in tracking down people who manage to steal stuff out of bank vaults is because the vaults are tough enough to get *into* that it becomes a low-frequency event that they can handle. On the other hand, in many areas the local LEO isn't able to do much about check fraud at the local businessplace, mostly because the threshold for committing the fraud is much lower, so the frequency goes sky high.
Attachment:
pgp00046.pgp
Description: PGP signature