Firewall Wizards mailing list archives

bugs and people Re: Code Red: What security specialist don't mention


From: ark () eltex ru
Date: Wed, 8 Aug 2001 14:01:24 +0400

-----BEGIN PGP SIGNED MESSAGE-----

nuqneH,

Sure it does not fix the problem, but it does more than just hide it:
a proxy is a thing much simpler than the whole set of applications that work
through it, and it brings up a single point where we can control some common
bugs and vulnerabilities. Not all of them, anyway, and it is not bulletproof,
just useful.

About bugware, worms and other: there is a thing that really scares me: it is
how people react when shit happens: they do not even consider that to be
a human fault, they do not try to find an entity inside the organisation that is
responsible for: purchasing/deploying bugware, running malicious code (Sircam
does not run itself using, say, a buffer overflow in Outlook, it requires a HUMAN
to run it!), not fixing known bugs in time, etc etc. They think of that as
something close to a natural disaster one cannot prevent. Actually, everybody can.
And the offender should be punished if you don't want it to happen again and
again.

Darren Reed <darrenr () reed wattle id au> said :

In some email I received from Joseph Steinberg, sie wrote:
Tell me how any of those are going to find a buffer overflow in a new
daemon someone writes tomorrow with its own custom protocol ?

Use an application-filtering tool/proxy that employs positive logic. Only
requests that conform to what the daemon expects will be let to pass
through. (You can protect the app-level-inspection engine with other types
of security -- such as Air Gap)... 

So you're saying every piece of software that interacts with another via
the network is to be filtered through an application proxy/tool ?
I find that unacceptable.

How the heck do we know that this filter isn't buggy ?
Where are the guarantees for it saying it has no buffer overflows ?

Simply deploying more layers between two parties does NOT fix the problem,
just attempts to hide it.

The problem here is quality of software (or lack thereof) and the ability
of vendors to legally provide/sell bugware.

Darren

                                     _     _  _  _  _      _  _
 {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
 (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
 [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1i

iQCVAwUBO3EN86H/mIJW9LeBAQHCegQAg27mlYYFxqhJQ/ai0W2AZp++YXB0q4UH
jqQsXx0cmXl0VdKAHV67b4VGJcdpbsa0igQm5REn56UkDhkqzhrMjv6YLJwvNnOk
dcTqAiJwLvI90npRILqlYmE9IU26wEUkQRbuDlv33WWl9vdqsAP1orWptE8DHG4L
bHhByg6ZYSw=
=gp8n
-----END PGP SIGNATURE-----
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
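The "positive logic" application filter discussed above (and the point that a proxy is a much smaller thing to get right than every daemon behind it) as an added example; this is not code from anyone on the thread. It models what a hypothetical HTTP daemon is expected to accept (allowed methods, versions, a request-target grammar, a header-name allowlist, and length limits) and rejects anything outside that model. The limits, the header allowlist and the sample requests are constructed for the demonstration; the oversized request only copies the general shape of a long GET query string, it is not a worm payload.

```python
"""Positive-logic (allowlist) application filter for HTTP request heads.

Added example. The policy values below are assumptions chosen for the demo,
not a published profile of any real daemon: the filter passes only what the
protected daemon is expected to accept and rejects everything else, so an
overlong or oddly shaped request is dropped without knowing which bug it aims at.
"""
import re

# --- policy (assumed for the demo) ------------------------------------------
ALLOWED_METHODS = frozenset({"GET", "HEAD", "POST"})
ALLOWED_VERSIONS = frozenset({"HTTP/1.0", "HTTP/1.1"})
ALLOWED_HEADERS = frozenset({"host", "user-agent", "accept",
                             "content-length", "connection"})
MAX_REQUEST_LINE = 512   # bytes; tighter than most servers, on purpose
MAX_HEADER_LINE = 1024
MAX_HEADERS = 32
# Request target grammar: an absolute path and an optional query, restricted
# to RFC 3986 unreserved/sub-delims characters plus percent-encoding.
TARGET_RE = re.compile(
    r"^/[A-Za-z0-9._~!$&'()*+,;=:@/%-]*(\?[A-Za-z0-9._~!$&'()*+,;=:@/?%-]*)?$")


def check_request(raw: bytes) -> tuple:
    """Return (True, "ok") if the request head conforms, else (False, reason).

    Only the head (request line and headers) is modelled here; a body, if any,
    is left to whatever Content-Length handling the caller adds.
    """
    # Only printable 7-bit ASCII plus CR/LF may appear anywhere in the head.
    if any(b > 0x7E or (b < 0x20 and b not in (0x0D, 0x0A)) for b in raw):
        return False, "non-printable byte in request head"
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        return False, "request head not terminated"
    lines = head.split(b"\r\n")
    request_line = lines[0]
    # Length is checked before parsing: an overflow-shaped request is refused
    # without the filter itself having to cope with it.
    if len(request_line) > MAX_REQUEST_LINE:
        return False, "request line too long"
    parts = request_line.decode("ascii").split(" ")
    if len(parts) != 3:
        return False, "malformed request line"
    method, target, version = parts
    if method not in ALLOWED_METHODS:
        return False, f"method {method!r} not allowed"
    if version not in ALLOWED_VERSIONS:
        return False, f"version {version!r} not allowed"
    if not TARGET_RE.match(target):
        return False, "request target outside allowed grammar"
    headers = lines[1:]
    if len(headers) > MAX_HEADERS:
        return False, "too many headers"
    for h in headers:
        if len(h) > MAX_HEADER_LINE:
            return False, "header line too long"
        name, colon, _value = h.decode("ascii").partition(":")
        if not colon or name.strip().lower() not in ALLOWED_HEADERS:
            return False, f"header {name.strip()!r} not in allowlist"
    return True, "ok"


# --- constructed sample requests ---------------------------------------------
GOOD = b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n"
OVERLONG = b"GET /default.ida?" + b"N" * 600 + b" HTTP/1.0\r\nHost: x\r\n\r\n"
BAD_METHOD = b"TRACE / HTTP/1.1\r\nHost: x\r\n\r\n"
BINARY = b"GET /\x90\x90 HTTP/1.1\r\nHost: x\r\n\r\n"
UNKNOWN_HEADER = b"GET / HTTP/1.1\r\nX-Evil: 1\r\n\r\n"

if __name__ == "__main__":
    for label, req in [("good", GOOD), ("overlong", OVERLONG),
                       ("bad method", BAD_METHOD), ("binary", BINARY),
                       ("unknown header", UNKNOWN_HEADER)]:
        allowed, reason = check_request(req)
        print(f"{label:15s} {'PASS' if allowed else 'DROP'}  {reason}")
```

The caveat Darren raises still applies: this filter is itself code, so it has to be kept small and boring (fixed-size limits, no decoding beyond ASCII, no reassembly) so that auditing it is cheaper than auditing every daemon it fronts. Note also what a positive model costs: a legitimate client sending a header outside the allowlist is dropped too, so the allowlist has to be derived from the real daemon's expectations rather than guessed.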