Re: [fw-wiz] Ok, so now we have a firewall, we're safe, right?

From: Marcus J. Ranum (mjr_at_ranum.com)
Date: 06/13/05

  • Next message: Dave Piscitello: "Re: [fw-wiz] Ok, so now we have a firewall, we're safe, right?"
    To: "R. DuFresne" <dufresne@sysinfo.com>, Dave Piscitello <dave@corecom.com>
    Date: Mon, 13 Jun 2005 15:13:36 -0400
    
    

    R. DuFresne wrote:
    >Failing to do so moves liability out of the end user's realm, even Marcus would have to agree there.

    I couldn't agree more - if a vendor misrepresents their product they
    should be held accountable. There are agencies of the government
    that are already responsible for enforcing truth-in-advertising rules,
    and there are precedent-setting decisions that hold the vendors
    liable in such circumstances.

    In the field of software, we have 2 problems - one: the truth
    in advertising rules are not being enforced effectively, and
    two: "shrink wrap" licensing has been upheld as a way of
    releasing vendors from all responsibility - even the consequences
    of their outright lies.

    Outright lies? Isn't that a bit severe? Well, I give you one
    case in point: I recently re-installed Windows XP on my
    desktop machine (my annual "clean scrape") and as it was
    installing (and on the product box) Microsoft touted XP as
    a way to "quickly and securely access the Internet". Oh. Really?

    mjr.

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

