From: pauls at utdallas.edu (Schmehl, Paul L)
Subject: Please post to the list 

>-----Original Message-----
>From: ratel [mailto:ratel@...lvault.com] 
>Sent: Friday, November 22, 2002 9:05 PM
>To: full-disclosure@...ts.netsys.com
>Subject: Re: [Full-Disclosure] Please post to the list 


-----BEGIN PGP SIGNED MESSAGE-----

>On 22-Nov-2002 12:19:52 -0500, you wrote:

>>in your ideal world, how would you help
>> me stay secure and prevent all the attacks that bludgeon my network?

>>This is a legitimate question, and I would appreciate a legitimate  
>>answer, rather than the usual blather that has dominated this list.
>
>Two words: AIR GAP.

Not an option, therefore not worth discussing.

>Nothing could be simpler: don't put anything you wouldn't mind losing 
>on a box that connects to the internet. 
>
>Radical, I know--but if it works for JTF-CNA it certainly works for me.
>
>Speaking of the Devil, do you really think those delightful fellows 
>employed by JTF-CNA, NSA &c. really run to tell Microsoft and other 
>vendors every time they find a hole/sidechannel/backdoor in their 
>software? Do you honestly think any man jack of them spends two seconds
>concerning himself with this kind of anguished hand-wringing debate?

Do you really think the average sysadmin cares?  All this is nothing but
side-show to distract from the weakness of the blackhat argument.

>Forget it. In their world, full disclosure is irrelevant. Dead. A bad 
>joke. Grow up and stop kidding yourselves.

I'm not the one kidding myself.

>The ugly truth is that some of the greatest, most technically brilliant,
>truly ethical-after-their-own fashion blackhats are pulling paychecks 
>from Ft. Meade. 
>
>Ethical, because for them it's not about money.
>It's about control. 
>After all, "Information is Power".
>
>They've been running rings around all you poor suckers for years. 
>
>And as long as you aren't protecting your critical information 
>yourself with an air gap? Content to rely on corrupt scumbag snake 
>oil vendors to "protect you" as they pick your pocket and sell you 
>out time and again to the highest bidder? 

Do you lie awake at night to think this stuff up?  It's really comical.

Paul Schmehl (pauls@...allas.edu)
TCS Department Coordinator
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member 
