> On Feb 24, 2019, at 5:51 PM, Keith Medcalf <kmedc...@dessus.com> wrote: > > That they also "forgot" to disable DNSSEC on PCH is not particularly > relevant. It only goes to prove my point that DNSSEC is irrelevant and only > gives a false sense of security (for this particular attack vector).
For those watching from the sidelines, This guy is perfectly encapsulating one
of the arguments that seem to pop up in the wake of attacks: “What actually
happened is irrelevant, because I can imagine other things that could
hypothetically have happened, but didn’t, which would have reinforced my view
of the world.”
I can’t say that I understand the psychology behind people thinking this way,
but as we’re choosing to be transparent about our experience for the benefit of
others, I thought I’d highlight this particular quirk, as Mr. Medcalf is far
from alone (not about DNSSEC specifically, but apparently attacks bring people
with all manner of chips on their shoulders out of the woodwork). It’s a
particularly self-defeating logical fallacy, so being aware of it is the first
step to recognizing it and avoiding it.
-Bill
signature.asc
Description: Message signed with OpenPGP
