Re: [fw-wiz] concerning ~el8 / project mayhem

From: ark@eltex.ru
Date: 08/19/02


From: ark@eltex.ru
To: mjr@ranum.com
Date: Mon Aug 19 13:17:32 2002


"Marcus J. Ranum" <mjr@ranum.com> said :

> >It's time to realize that there are things that are unknown to white hat
> >community and a security expert should _predict risks_ instead of using
> >traditional these days model "there is a bug recently discovered,
>
> Oh, COME OFF IT!! We've known THAT for EVER.

_We_ did. _THEY_ should be forced into that. The method is no good, but
others did not work :(

>
> It's only the desperate vendors and security newbies who subscribe
> to trivial penetrate-and-patch schemes. I've been known to advocate
> penetrate-and-patch-real-fast as an alternative to penetrate-and-patch-in-user-time
> but only out of frustrated desperation. Because the more obvious alternatives
> aren't happening due primarily to market pressures and cluelessness.

You said that. Aren't happening :(
 
[dd]

> So, please don't say "people need to get out of 'penetrate and patch'" when
> lots of us have been saying ALL ALONG that it's a bad idea. :) The fact
> that a huge number of people and organizations continue to do security
> design wrong is not because nobody knows how - unless you count willful
> ignorance.

So they need a visual demonstration of the fact good design is _required_ and
its absence cannot be compensated with patch-real-fast methods. Looks like they
really do not want to know unless someone forces them. Yes, willful
ignorance, you're right.

                                     _ _ _ _ _ _ _
 {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_
 (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_|
 [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one!


