Full Disclosure mailing list archives

Re: Zone Alarm


From: Shawn McMahon <smcmahon () eiv com>
Date: Thu, 5 Jun 2003 09:36:54 -0400

On Wed, Jun 04, 2003 at 04:03:57PM -0500, Schmehl, Paul L said:

There *are* cases where "not so great" security is better than "really
great" simply because "really great" won't get used and "not so great"
is therefore better (than nothing.)  It's all well and good that experts

And I would submit that most of us here are in fact guilty of that; how
many of us have at least one password, somewhere, that's ~8 characters,
mostly letters, as opposed to 128 random alphanumerics?  Who here has a
house with a deadbolt and an alarm system, but no armed guards?  A car
that you park in parking lots, with no bomb-sniffing dog going under it
before you get in?

Security that won't get used isn't security, it's theory.  It belongs in
classrooms and labs.  Security is a process, as well, not a binary flag.
It's not "exit code 1, insecure" one day, and "exit code 0, secure" the
next.


-- 
Shawn McMahon     | Let every nation know, whether it wishes us well or ill,
EIV Consulting    | that we shall pay any price, bear any burden, meet any
UNIX and Linux    | hardship, support any friend, oppose any foe, to assure
http://www.eiv.com| the survival and the success of liberty. - JFK

Attachment: _bin
Description:


Current thread: