Re: [tlug] Bashing away at Unix

["Josh Glover" <jmglov@example.com>]

On 16/03/2008, Dave Brown <dagbrown@example.com> wrote:

>  S L Baur already explained this, but I will admit that this reminds me
>  of an amusing time when I offered to test out a restricted shell that
>  was hacked together for a programming contest by one of the smartest
>  security brains I know (Ian Goldberg).  As a beautiful example of "the
>  smartest fencer can be disarmed by a trick he doesn't know",
[...]
>  Remember history, for if you forget, it will bite you in your arse.

That is *a* lesson that can be learned from this anecdote, but not
*the* lesson. *The* lesson is thus:

"In matters of security, the defender is truly at a disadvantage, for
he must defend against *all* possible attacks, whereas the attacker
must only find *one* attack that works."

This basically means that an expert attacker (you) can often succeed
against one of the foremost security experts in the world, for your
advantageous terrain gives you an order of magnitude boost in
effective skill level.

Or in D&D terms, you get a +10 to your attack roll, and the defender
loses all AC bonuses due to Dexterity. ;)

-- 
Cheers,
Josh