[Full-disclosure] Re: [ISN] How To Save The Internet

From: Devdas Bhagat (devdas_at_dvb.homelinux.org)
Date: 03/24/05

    Date: Thu, 24 Mar 2005 12:42:08 +0530
    To: bugtraq@securityfocus.com
    
    

    On 23/03/05 13:51 -0600, Ben Vaisvil wrote:
    > The truth is most people are not "skilled" enough to operate their PC's
    > at a level that isn't "dangerous" to the rest of the network/internet.

    This is a result of the fact that pseudo Turing machines like computers
    are more complex than most people understand.

    > Nor should they have to be. With better operating system and software
    > design we can mitigate those risks, but never eliminate them. There is
    > no one simple solution to a security problem - it is always a
    > process. The problem often lies that the default configuration for
    > software and OS's are inherently insecure, allowing problems to propagate.

    Default configuration for software? Other than Windows, which
    consumer-oriented OS is inherently insecure? MacOS X, Linux variants, *BSD?

    > No normal computer user should be expected to become a system
    > administrator for their computer. Design is what has let us
    > down - the fact I have to be active to protect my computer is the problem.
    >
    The alternative is a locked down system which will not do everything
    your computer can do. These are better known as appliances, and have
    been rejected by the market till date.

    The "normal" computer user wants powerful and flexible systems.
    The price of power is responsibility.

    Devdas Bhagat
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/

