RE: [fw-wiz] Application-level Attacks

From: R. DuFresne (dufresne_at_sysinfo.com)
Date: 02/19/05

    To: "Marcus J. Ranum" <mjr@ranum.com>
    Date: Fri, 18 Feb 2005 22:03:53 -0500 (EST)
    
    

            [SNIP]

    >
    > The reason I jumped on your post is because I strongly
    > believe that in order for computer security to grow up and
    > stop being an intellectual backwater - we need to apply a
    > little science and attempt to accurately quantify what we
    > are doing. That means no more analysts practicing
    > proctological numerology, no more self-selected samples
    > used in polls, no more proof by vigorous hand-waving.
    >

    The industry is perhaps in worse shape than that, when marketing has taken
    over it from the ground up so completely that if one actually did take
    security seriously and locked down their browsers, perhaps the most
    exploited attack vector of the current decade, to the point they are
    advised to, they'd not be able to cruise a single security site.

    Kinda like how a parent might say do as I say, not as I do...

    Thanks,

    Ron DuFresne

    -- 
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            admin & senior security consultant:  sysinfo.com
                            http://sysinfo.com
    ...Love is the ultimate outlaw.  It just won't adhere to rules.
    The most any of us can do is sign on as it's accomplice.  Instead
    of vowing to honor and obey, maybe we should swear to aid and abet.
    That would mean that security is out of the question.  The words
    "make" and "stay" become inappropriate.  My love for you has no
    strings attached.  I love you for free...
                            -Tom Robins <Still Life With Woodpecker>
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    
