Firewall Wizards
mailing list archives
Re: concerning ~el8 / project mayhem
From: ark () eltex ru
Date: Mon, 19 Aug 2002 20:05:26 +0400
"Marcus J. Ranum" <mjr () ranum com> said :
It's time to realize that there are things that are unknown to white hat
community and a security expert should _predict risks_ instead of using
traditional these days model "there is a bug recently discovered,
Oh, COME OFF IT!! We've known THAT for EVER.
_We_ did. _THEY_ should be forced into that. The method is no good, but
others did not work :(
It's only the desperate vendors and security newbies who subscribe
to trivial penetrate-and-patch schemes. I've been known to advocate
penetrate-and-patch-real-fast as an alternative to penetrate-and-patch-in-user-time
but only out of frustrated desperation. Because the more obvious alternatives
aren't happening due primarily to market pressures and cluelessness.
You said that. Aren't happening :(
[dd]
So, please don't say "people need to get out of 'penetrate and patch'" when
lots of us have been saying ALL ALONG that it's a bad idea. :) The fact
that a huge number of people and organizations continue to do security
design wrong is not because nobody knows how - unless you count willful
ignorance.
So they need a visual demonstration of the fact good design is _required_ and
its absence cannot be compensated with patch-real-fast methods. Looks like they
really do not want to know unless someone will force them. Yes, willful
ignorance, you're right.
_ _ _ _ _ _ _
{::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_
(##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_|
[||] [||] [||] Do i believe in Bible? Hell,man,i've seen one!
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards