Re: [fw-wiz] Vulnerability Response (was: BGP TCP RST Attacks)
From: Gwendolynn ferch Elydyr (gwen_at_reptiles.org)
Date: 06/03/04
- Previous message: Paul D. Robertson: "Re: [fw-wiz] Vulnerability Response (was: BGP TCP RST Attacks)"
- In reply to: Paul D. Robertson: "Re: [fw-wiz] Vulnerability Response (was: BGP TCP RST Attacks)"
- Next in thread: Paul D. Robertson: "Re: [fw-wiz] Vulnerability Response (was: BGP TCP RST Attacks)"
- Reply: Paul D. Robertson: "Re: [fw-wiz] Vulnerability Response (was: BGP TCP RST Attacks)"
To: "Paul D. Robertson" <paul@compuwar.net>
Date: Thu, 3 Jun 2004 10:39:04 -0400 (EDT)
On Thu, 3 Jun 2004, Paul D. Robertson wrote:
> One of the best quotes yet that I got from a vendor in a meeting was
> "Stop! I can't think that fast!" In that case though, the users were
> being pressured into evaluating and possibly purchasing something they
> didn't want- but politically couldn't dismiss themselves. I got invited
> to do the thing they were used to seeing me do- beat up the vendor over
> security- but this time it was to their advantage for me to poke holes in
> it, since it'd give them ammo for rejecting the whole silly scheme.
Wandering somewhat afield, the most remarkable reaction that I've ever
gotten from a vendor was the one who called up, practically in tears,
and proclaimed "You can't do this to me! It's not fair!" [0].
I was completely boggled that they thought that a social attack of that
nature was likely to have any effect other than causing me to flee farther.
More to the point, it also helps when you can go down a litany of
requirements with the vendor, and force them to address each item [1]...
> Get some sand, a bucket, a nail and a hammer, and *show* them how much
> effectiveness they lose with each port.
Hrm. I may have to try that... if nothing else, it's a fun example ;>
cheers!
[0] "this" being not including their product in the final evaluation
phase. At the time, they didn't have a TLS gateway, which was a showstopper.
[1] Then again, it's always fun to include "Meets RFC 1149 and 3514".
==========================================================================
"A cat spends her life conflicted between a deep, passionate and profound
desire for fish and an equally deep, passionate and profound desire to
avoid getting wet. This is the defining metaphor of my life right now."
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards