Talk:Santtu

From CSEP590TU

Caroline's comments for Santtu

[JSpaith] I made some minor nitpick edits to some wording here and there. Some high-level comments on the "1. An Attack in 2014: A Walk Through"

In saying "have data access" - do you mean Internet access?

"Although desktop email software has been protected against this type of auto-emailing for multiple years, the equivalent cell phone software has not been and Joe’s plan succeeds." -- I'm on Windows CE and I take issue with this. We're paranoid about security at all layers and I hope by 2014 we'll have low-hanging fruit like this fixed :). The policy maker probably won't care and you don't have to change this, but I want to go on the record here.

Santtu 11:44, 30 Nov 2004 (PST) I too hope that these low-hanging fruit are fixed by 2014. :) I'll take a look at changing this to something else, something that does not point at MS as directly... ;-)


"Joe takes a list of vulnerable cell phone numbers he’s been creating" - Not quite sure how Joe is doing this? Does he have a scanner or something or get the list from other hacker buddies?

Santtu 11:44, 30 Nov 2004 (PST) I'll add an explanation for this. Researchers have actually studied worms that prime their spread using such a list...


General: I think you want to personalize the other end of the story more - i.e. the politician getting hit. Suppose we have a super-honest, 80-year-old politician who has a disease that's not his fault (i.e. not venereal). Maybe because of advances in genetics we know now there's a 95% chance he'll get Alzheimer's in the next 10 years, even though he's very sharp right now. This info is leaked 2 days before the election, causing voters to reject him and favor a dishonest candidate who happens to be Joe's uncle.

Santtu 11:44, 30 Nov 2004 (PST) Good suggestion. I'll make it more personal.


[JSpaith] This is the introduction to the paper as a whole, and not just your section - correct? If it's the intro to the paper as a whole, you may want to have a 50,000 foot overview of where we're going. This is really a Caroline policy-paper type question, but in English class papers they always made us do the super-high-level overview.

Santtu 11:44, 30 Nov 2004 (PST) I didn't include a 50,000 foot overview because I recall there was some outline where we had separate intro and conclusion sections in addition to our chapters, but we can definitely modify that.


--Jack Richins 10:08, 29 Nov 2004 (PST) I wonder if we should move the buffer overflow analogy from my section to this section since you discuss buffer overflows here. It might make it easier to understand buffer overflow exploits. Of course it might fit better where it is now in my section - my section already dives deeply into buffer overflows. Just a thought.

Santtu 11:44, 30 Nov 2004 (PST) I think we can leave it in your section. I may remove the integer overflow story from mine and just focus on the progression of attacks without explaining them in detail.