Re: [Full-disclosure] WEEPING FOR WEP



On Fri, 6 Apr 2007 neal.krawetz@xxxxxxxxxxxx wrote:

...
moderate risk) environments, you need to remember: security is a
measurement of risk. If the threat is low enough, then WEP should
be fine.
...

Wait just a minute. Do you propose to say that "security" is an economic
good, with associated opportunity costs and benefits? But just the other
day, all the anti-virus vendors and trade rags in the world seemed to
say that "security" was binary, and "on" is the preferred state.

What the sam scratch is going on around here? Do I have to make a tradeoff,
again?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


