Beating Up On Microsoft...
From: Gerard Marshall Vignes (gerardvignes_at_yahoo.com)
Date: 09/12/03
- Next in thread: Allen Robins: "Beating Up On Microsoft..."
- Reply: Allen Robins: "Beating Up On Microsoft..."
- Reply: N. Miller: "Re: Beating Up On Microsoft..."
- Reply: Gerard Marshall Vignes: "Re: Beating Up On Microsoft..."
Date: Thu, 11 Sep 2003 17:10:44 -0700
While everyone is busy beating up on Microsoft...
It might be a good idea to look at the Internet as a whole. Taking Microsoft
to task isn't going to accomplish as much as we might like to believe.
Email is INSECURE BY DEFAULT.
FTP is INSECURE BY DEFAULT.
Just About Everything on the Internet is INSECURE BY DEFAULT.
This is everyone's problem! We are in this together!
We got into this Internet thing because it was obviously a good idea.
Unfortunately, we never bothered to take security seriously (until lately).
Now we are paying the price. The proper term is "diseconomy."
Common Sense is what we need now. Common Sense must be backed up by simple,
affordable measures that are universally adopted.
By now, several basic measures have been identified as absolutely necessary.
1. Every Computer should run an anti-virus program.
2. Every Computer that is connected to the Internet should be protected by
a firewall.
Unfortunately, this stops short of what is really needed to put an end to
the present nightmare we are living and working in.
Additional steps should be adopted universally.
3. Every Computer that is connected to the Internet must have at least one
Verifiable Certificate to properly identify the owner. By default ignore any
computer that is not properly identified.
4. Every Computer offering services on the Internet must have a Verifiable
Certificate that identifies the service provider and, if necessary, protects
the service using some form of authentication, encryption, digital
signature, etc. By default ignore any service that is not properly
identified and, if necessary, protected.
5. Every Person who sends email over the Internet must have a Verifiable
Certificate that digitally signs the email. This digital certificate must
positively identify the sender. By default, any email that is not digitally
signed is rejected as SPAM.
6. All email-related services should be Secured by Default using some form
of Authentication, Encryption, etc. to protect the communication.
7. All other internet-related services should be Secured by Default, using
an appropriate level of Authentication, Encryption, etc. to protect the
communication.
8. There are probably more steps that I do not know about which should be
taken.
We have been responding to security issues by closing the gate after the
cows have gotten out. Moooooooo People! This is not the best way. Security
is best handled by a proactive approach that identifies threats and responds
to them BEFORE THEY ARE REALIZED.
We can do better than we have been doing, but we are only going to make real
progress if our efforts are universal and proactive.
I don't think that running Microsoft out of business is going to accomplish
anything.
Gerard Marshall Vignes