On Friday, 26 September, 2014 08:37,Jim Gettys <j...@freedesktop.org> said:
>For those of you who want to understand more about the situation we're >all in, go look at my talk at the Berkman Center, and read the articles >linked from there by Bruce Schneier and Dan Geer. >http://cyber.law.harvard.edu/events/luncheon/2014/06/gettys Unfortunately, that page contains near the top the ludicrous and impossible assertion: ""Familiarity Breeds Contempt: The Honeymoon Effect and the Role of Legacy Code in Zero-Day Vulnerabilities", by Clark, Fry, Blaze and Smith makes clear that ignoring these devices is foolhardy; unmaintained systems become more vulnerable, with time." It is impossible for unchanged/unmaintained systems to develop more vulnerabilities with time. Perhaps what these folks mean is that "vulnerabilities which existed from the time the system was first developed become more well known over time". The fact that the folks in the next building can peep at your privates through the bedroom window on which you did not install blinds does not mean that the vulnerability only exists from the time it is published in the local tabloid -- it existed all along -- it did not "magically" come into existence at some point after the building was built, the window installed, and you moved in without putting up windows blinds. The fact that you did not become aware of it until you saw a photograph of yourself doing unmentionable things only serves as the point in time at which you became aware of your failure to properly assess the posture of the system in the first place. >Jim Gettys
