On Sun, Feb 14, 2010 at 03:51:44PM -0800, Michael Thomas wrote:
Why is "security policy" different than "crown jewels"? If they own my
machine, they can tar up a svn checkout of the crown jewels and do
immeasurably more harm than shipping bogus anti spam reports.
Perhaps, but (a) that would be far more difficult to automate
(b) it might or might not serve their purposes (c) it would have
limited impact.
That and it might be *good* for them to start trying to game AS
reporting stuff: if the backend started looking for those patterns,
they'd probably stick out like a sore thumb, and you could put the
machine in the penalty box.
I'm sure that SOME of their attempts to game these would be sufficiently
heavy-handed as to stick out like a sore thumb. I'm equally certain
that some of them would not. Don't underestimate the enemy's intelligence,
diligence, or guile.
---Rsk
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg