On 2/28/11 9:34 PM, Dobbins, Roland wrote: > > On Mar 1, 2011, at 12:23 PM, Mark Newton wrote: > >> That's new, and (to my mind) threatening. We've not even begun to >> consider the attack vectors that'll open up.
given that rfc 3041 had it's 10th birthday in january there's nothing new about any of this. > > I don't think it's new at all, given the amount of information > available today that you already cite, down to and including sniffing > on toxic hotel networks and the like. > > Folks are already easily pwn3d to extremes - look at HB Gary. This > doesn't constitute some huge new attack surface or information > leakage - especially given the existence of VPNs/proxies, the > tendency to store more and more data/apps on servers/in 'the cloud', > and so forth. > > In fact, the device one is actually using at any given moment and > where one is located when using said device is becoming less and less > relevant. > >> From a physical-security standpoint, leaky IM, SMTP headers, et. >> al. already give the game away. > > We've been living in this situation for years. Nothing about EUI-64 > changes this fact, IMHO. I dislike it immensely, but it isn't a > game-changer, IMHO. > > ----------------------------------------------------------------------- > > Roland Dobbins <rdobb...@arbor.net> // <http://www.arbornetworks.com> > > The basis of optimism is sheer terror. > > -- Oscar Wilde > > >
