RE: [fw-wiz] Application-level Attacks

From: R. DuFresne (
Date: 02/19/05

  • Next message: ArkanoiD: "Re: [fw-wiz] i-cap proposals"
    To: "Marcus J. Ranum" <>
    Date: Fri, 18 Feb 2005 22:03:53 -0500 (EST)


    > The reason I jumped on your post is because I strongly
    > believe that in order for computer security to grow up and
    > stop being an intellectual backwater - we need to apply a
    > little science and attempt to accurately quantify what we
    > are doing. That means no more analysts practicing
    > proctological numerology, no more self-selected samples
    > used in polls, no more proof by vigorous hand-waving.

    The industry perhaps in worse shape then that, when marketing has taken
    over it from the ground up so completely that if one actually did take
    security serious and locked down their browsers, perhaps the most
    exploited attack vector of the current decade, to the point they are
    advised to, they'd not beable to cruise a single security site.

    Kinda like how a parent might say do as I say, not as I do...


    Ron DuFresne

            admin & senior security consultant:
    ...Love is the ultimate outlaw.  It just won't adhere to rules.
    The most any of us can do is sign on as it's accomplice.  Instead
    of vowing to honor and obey, maybe we should swear to aid and abet.
    That would mean that security is out of the question.  The words
    "make" and "stay" become inappropriate.  My love for you has no
    strings attached.  I love you for free...
                            -Tom Robins <Still Life With Woodpecker>
    firewall-wizards mailing list

  • Next message: ArkanoiD: "Re: [fw-wiz] i-cap proposals"