On Friday, 26 September, 2014 08:37,Jim Gettys <j...@freedesktop.org> said:

>For those of you who want to understand more about the situation we're
>all in, go look at my talk at the Berkman Center, and read the articles
>linked from there by Bruce Schneier and Dan Geer.

>http://cyber.law.harvard.edu/events/luncheon/2014/06/gettys

Unfortunately, that page contains near the top the ludicrous and impossible 
assertion:

""Familiarity Breeds Contempt: The Honeymoon Effect and the Role of Legacy Code 
in Zero-Day Vulnerabilities",  by Clark, Fry, Blaze and Smith makes clear that 
ignoring these devices is foolhardy; unmaintained systems become more 
vulnerable, with time."

It is impossible for unchanged/unmaintained systems to develop more 
vulnerabilities with time.  Perhaps what these folks mean is that 
"vulnerabilities which existed from the time the system was first developed 
become more well known over time".

The fact that the folks in the next building can peep at your privates through 
the bedroom window on which you did not install blinds does not mean that the 
vulnerability only exists from the time it is published in the local tabloid -- 
it existed all along -- it did not "magically" come into existence at some 
point after the building was built, the window installed, and you moved in 
without putting up windows blinds.

The fact that you did not become aware of it until you saw a photograph of 
yourself doing unmentionable things only serves as the point in time at which 
you became aware of your failure to properly assess the posture of the system 
in the first place.

>Jim Gettys




Reply via email to