Re: [fw-wiz] Application-level Attacks

From: Anthony de Boer (adb-fww_at_leftmind.net)
Date: 02/21/05

    To: firewall-wizards@honor.icsalabs.com
    Date: Mon, 21 Feb 2005 10:32:58 -0500
    
    

    R. DuFresne wrote:
    > The industry is perhaps in worse shape than that, when marketing has taken
    > over it from the ground up so completely that if one actually did take
    > security seriously and locked down their browsers, perhaps the most
    > exploited attack vector of the current decade, to the point they are
    > advised to, they'd not be able to cruise a single security site.

    One senses business plans built on the problem, rather than the solution.

    People would rather be able to hear that they can continue doing the
    broken things they're already doing, so long as they throw a respectable
    amount of money at a Security Vendor for some magic security sugar to
    toss over what they're doing. Get some antivirus coverage against last
    week's problems, and believe that the industry is utterly defenceless
    against the next slightly-different exploitation of known vectors.

    And there's certainly a big pile of money to be made from that. Heavens,
    if you actually solved the problem and people said thank-you and pinned a
    medal on you and then walked away, where would you be?

    Doing things robustly, and actually letting security considerations
    affect what you're doing and how you do it, just isn't popular enough.
    Fortunately, there will always be a few of us who were never big on this
    popularity thing.

    -- 
    Anthony de Boer