Re: Ten least secure programs

flood_at_hush.com
Date: 07/12/03

    Date: Fri, 11 Jul 2003 15:30:39 -0700
    To: compjma@hotmail.com
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Mr Berry,

    Please excuse the delay; I have been on business between multiple states.

    I do not necessarily disagree with your remark that Open Source code
    (GNU Licensed) is inherently flawed or insecure nor do I disagree with
    your rebuttal example of qmail in a general sense. But, if you take
    my response in its totality (to your original request for information)
    it is correct. I also understand your intent of this posting as to try
    and generate a specific response to a question that exists in many Security
    Professionals' discussions. (What is the worst app?)

    Let me amplify further on my response:

    1. Baselines are determined through sound Configuration Management.

    2. Applications that have been applied or requested to be added to a
    baseline via Configuration Management processes are Certified and Accredited
    (C/A). (C/A includes the corporate security policy applicability and
    effects, security test and eval, contingency planning, risk acceptance
    and mitigation, lifecycle etc....)

    3. All is determined through accepted Risk (Management decides, not the
    users). This is a business case as well as a security issue.

    4. Configuration Management is applied to policy and users follow policy
    (At least they are required to: (Sarcastic))

    In a nutshell, the sign on you’re would say: You are not allowed to install
    any application. Contact your SysAdmin or CSO for more information.

    Please excuse the truncation of my response. If you would like further
    elaboration please let me know.

    Beer is good........

    Take Care,
    Ron Mehring
    Information Assurance Specialist

    Snip>>>Your response>>>>
    >From: <flood@hush.com>
    >I recommend the following be identified as the most insecure:
    >
    >1. Freeware
    >
    >2. Shareware

    I fail to see how the license can make software insecure, qmail is free
    as in beer, yet is very secure.

    Snip>>>My Post>>>>

    I recommend the following be identified as the most insecure:

    1. Freeware

    2. Shareware

    3. Software\Hardware that bypasses security boundary [enclave] protection

    4. Anything not on the company application/hardware baseline {Certified
    and Accredited}.

    By the way,
    Wireless Networks when properly implemented can be made extremely secure.
     But must be managed.

    Take Care,
    Ron Mehring
    Information Assurance Specialist

    -----BEGIN PGP SIGNATURE-----
    Note: This signature can be verified at https://www.hushtools.com/verify
    Version: Hush 2.3

    wkYEARECAAYFAj8PO/sACgkQWK2PgP0JMmpmtgCeNXb7Wk0O558o3OU4RaSwGZ0OEY8A
    n1SYUI7ejmGcsh5LkD0Oq2wcLxgf
    =pS3j
    -----END PGP SIGNATURE-----


