Re: [fw-wiz] concerning ~el8 / project mayhem

From: ark@eltex.ru
Date: 08/19/02 

From: ark@eltex.ru
To: mjr@ranum.com
Date: Mon Aug 19 13:17:32 2002

"Marcus J. Ranum" <mjr@ranum.com> said :

> >It's time to realize that there are things that are unknown to white hat
> >community and a security expert should _predict risks_ instead of using
> >traditional these days model "there is a bug recently discovered,
>
> Oh, COME OFF IT!! We've known THAT for EVER.

_We_ did. _THEY_ should be forced into that. The method is no good, but
others did not work :(

>
> It's only the desperate vendors and security newbies who subscribe
> to trivial penetrate-and-patch schemes. I've been known to advocate
> penetrate-and-patch-real-fast as an alternative to penetrate-and-patch-in-user-time
> but only out of frustrated desperation. Because the more obvious alternatives
> aren't happening due primarily to market pressures and cluelessness.

You said that. Aren't happening :(
 
[dd]

> So, please don't say "people need to get out of 'penetrate and patch'" when
> lots of us have been saying ALL ALONG that it's a bad idea. :) The fact
> that a huge number of people and organizations continue to do security
> design wrong is not because nobody knows how - unless you cound willful
> ignorance.

So they need a visual demonstration of the fact good design is _required_ and
its absense cannot be compensated with pach-real-fast methods. Looks like they
really do not want to know unless someone will force them. Yes, willful
ignorance, you're right.

                                     _ _ _ _ _ _ _
 {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_
 (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_|
 [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one!

Relevant Pages

  • Re: Dynamic column specification in table update
    ... Pro SQL Server 2000 Database Design - ... > primary key should be made up from your data. ... >> The only excuses tend to fall along the lines of laziness or ignorance. ...
    (microsoft.public.sqlserver.programming)
  • Re: Challenge for Darwinists - Protein Synthesis
    ... perfectly obvious that this must be the result of intelligent design. ... After being granted a long grace period by the patient scientific minds in t.o, WoS has definitely crossed the line from argumentative ignorance to obdurate foolishness. ... Beliefs which are held to - despite a lack of physical evidence - is the essence of religion. ... of the whole shebang, are formulas, exact formulas." ...
    (talk.origins)
  • Re: News: The Dogma of Darwinian Evolution
    ... Lee Jay wrote: ... ID is an argument from ignorance: ... There is an "appearance of design." ...
    (talk.origins)
  • Re: administrator rights
    ... > The application is written in ignorance of proper program ... > design, and they should be allowed to correct their mistakes ... running as the main admin with no other users set up. ...
    (microsoft.public.windowsxp.security_admin)