Mailing List Archive


tlug: How to assess security risk [was: Cookies and Netscape]



>>>>> "Fredric" == Fredric Fredricson <Fredric.Fredriksson@example.com> writes:

    Fredric> My point is that cookies are not _THE_ threat to your
    Fredric> personal integrity that you face when you surf the
    Fredric> internet but just one of many. It all boils down to
    Fredric> personal preferences, of course, but to me cookies are
    Fredric> more useful than harmful, but this may be just me.....

Nobody said they are _the_ threat AFAIK.  Certainly not me.

In practice, I think cookies are more useful than harmful, too.

But it's not just a question of personal preferences; serious
strategic analysis (very elementary, but in earnest nonetheless)
applies here.  The bad guys (both truly evil people and those who have
taken one credit too many in a bad undergraduate business program)
will push hard on the theoretical.  I think that one important reason
that cookie use is as restrained as it is is because some hoo-hah was
made.  Freedom _has_ been paid for by the blood of patriots.[1]

Believe me, if the people mentioned above thought they could get away
with it, they'd come up with mechanisms to upload your entire system
configuration and any files that mention "money" to their corporate
database.

That is absolutely undeniable---because they've already done it.  (The
Prodigy scandal.  Whatever method MS used to track that virus to its
author.)

The bottom line is that security risks are strategic uncertainty in
the sense that historical frequency of abuse is no guide to future
probability of abuse.  Strategic uncertainty must be assessed in
terms of _possibility_ of abuse and _benefit versus cost_ to abusers.

Footnotes: 
[1]  In this case, that's an exaggeration.  "Blood" == minuscule
additional risk of repetitive stress injury from typing the PRIVACY
section of RFC 2109.  ;-)


-- 
University of Tsukuba                Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Institute of Policy and Planning Sciences       Tel/fax: +81 (298) 53-5091
__________________________________________________________________________
__________________________________________________________________________
What are those two straight lines for?  "Free software rules."

