Re: RE:[fw-wiz] Vulnerability Scanners ( was: concerning ~el8 / project mayhem )

From: B. Scott Harroff (Scott.Harroff@att.net)
Date: 08/26/02

• Next message: Behm, Jeffrey L.: "RE:[fw-wiz] Vulnerability Scanners ( was: concerning ~el8 / proje ct mayhem )"
• Previous message: B. Scott Harroff: "Re: [fw-wiz] VPN concentrators"
• In reply to: Paul D. Robertson: "Re: RE:[fw-wiz] Vulnerability Scanners ( was: concerning ~el8 / project mayhem )"
• Next in thread: Paul Robertson: "Re: RE:[fw-wiz] Vulnerability Scanners ( was: concerning ~el8 / project mayhem )"
• Reply: Paul Robertson: "Re: RE:[fw-wiz] Vulnerability Scanners ( was: concerning ~el8 / project mayhem )"
• Reply: R. DuFresne: "Re: RE:[fw-wiz] Vulnerability Scanners ( was: concerning ~el8 / project mayhem )"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "B. Scott Harroff" <Scott.Harroff@att.net>
To: "Paul D. Robertson" <proberts@patriot.net>
Date: Mon Aug 26 11:14:25 2002

> Actually, I think it's not necessarily good to stop "folks like Jim-" the
> "bad apple" defense means you *must* stop Jim once he's reported.
> However, if you put in a mechanism and it has flaws, you could be more
> liable for the things that get through than you are if you don't try.
> Suddenly you've placed yourself in the position of an editor, and legally,
> not trying and not failing is different than trying and failing.

Your opinion is its better to do nothing and let 100% get though then though
a combination of technology / process / policy that stops 95%?

I think one would be better of showing "intent to protect and missing one
instance or two" than "doing nothing about a known problem".

---

• Next message: Behm, Jeffrey L.: "RE:[fw-wiz] Vulnerability Scanners ( was: concerning ~el8 / proje ct mayhem )"
• Previous message: B. Scott Harroff: "Re: [fw-wiz] VPN concentrators"
• In reply to: Paul D. Robertson: "Re: RE:[fw-wiz] Vulnerability Scanners ( was: concerning ~el8 / project mayhem )"
• Next in thread: Paul Robertson: "Re: RE:[fw-wiz] Vulnerability Scanners ( was: concerning ~el8 / project mayhem )"
• Reply: Paul Robertson: "Re: RE:[fw-wiz] Vulnerability Scanners ( was: concerning ~el8 / project mayhem )"
• Reply: R. DuFresne: "Re: RE:[fw-wiz] Vulnerability Scanners ( was: concerning ~el8 / project mayhem )"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Error after installation: no license rights? ... Can you identify the line of code it's failing on? ... no missing references." ... analyze those dependencies and include them with the installation? ... was missing, it should provide it. ... (microsoft.public.access.devtoolkits) Re: Is WINS needed for a Win2K3 / SQL Server 2000 Cluster? ... lookup), why would the instances not be failing over properly if WINS is ... What am I missing? ... (microsoft.public.sqlserver.clustering) Reinstalled XP..Cannot access old files ... I have just had to do the same thing due to XP failing - I ... installed XP into c:\windows1 directory to protect my ... >i removed the old operating system, ... >because the account no longer exists, ... (microsoft.public.windowsxp.security_admin) Re: java socket input reading troubles ... If it's a DatagramSocket, then missing or out-of-order data ... the packet stream (something that the server will have to support). ... Failing that, posting some code might allow people to help more effectively. ... (comp.lang.java.developer) Re: java socket input reading troubles ... If it's a DatagramSocket, then missing or out-of-order data ... the packet stream (something that the server will have to support). ... Failing that, posting some code might allow people to help more effectively. ... (comp.lang.java.programmer)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > Firewall-Wizards  > 2002-08