[Cialug] Access credentials for new cloud instances

Don Ellis don.ellis at gmail.com
Mon Jan 23 17:10:10 CST 2012


On Mon, Jan 23, 2012 at 5:08 PM, Don Ellis <don.ellis at gmail.com> wrote:
> On Mon, Jan 23, 2012 at 4:58 PM, Zachary Kotlarek <zach at kotlarek.com> wrote:
>>
>> On Jan 23, 2012, at 2:23 PM, Thomas Kula wrote:
>>

...

>> My point is just that there are lots of tools/systems you probably already use that are subject to the same sort of attack, and I don't think there's any reason to believe that this particular service would be more susceptible to such an attack.
>>
>>        Zach
>
> Zach, I agree. Just because it could happen doesn't mean it is likely.
> Much more important to block the attacks that are most convenient and
> most likely. For example, it's reasonable to put a deadbolt lock on
> your house door (and use it) and a club on your car. There are ways to
> bypass either of them, but most attackers are likely to move on to
> another victim rather than bother with attacking you. And, someone has
> mentioned that if you have reasonable security on your system, it is
> often much easier to physically attack the person to get a required
> secret than to try to attack the system. Rubber hose attack vectors
> are much faster and more effective than most  systems available to
> script kiddies, especially when the system has something of value.
>
> --Don Ellis

And, here's the XKCD commentary on the topic:

    http://xkcd.com/538/

--Don Ellis


More information about the Cialug mailing list