lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: Steve.Kruse at lakelandgov.net (Kruse, Steve)
Subject: Sidewinder G2 

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Brent:

Yes, I've read Bruce's feelings about hacker contest's before, and in
principle, I agree it doesn't "prove" a sustained attack by a
determined enemy with enough computing power and dollars (Rubles,
Yen, Euros whatever) can be thwarted.  If someone like a government
entity was hacking away at a firewall, they sure aren't going to
claim the prize; rather they now have the knowledge of how it was
done, use it, and keep quiet about it.  I have the utmost respect for
what Bruce says.

I'll agree "proven" is too strong a word.  But it would give me more
confidence that your average 133t h4x0r isn't going to run willy
nilly through the firewall.  They may find a way AROUND it, or
socially engineer their way in, sure.  Just not THROUGH it.

Score one for Brent.  Proven IS too strong.

Steve Kruse

J. Stephen Kruse, CISSP
Chief Information Security Officer
City of Lakeland, Florida
http://www.lakelandgov.net
mailto:steve.kruse@...elandgov.net
PGP Fingerprint: 20FF 54A6 AFA0 5492 8830  9687 3314 D77D DFC7 D848
   

> -----Original Message-----
> From: Brent J. Nordquist [mailto:b-nordquist@...hel.edu] 
> Sent: Tuesday, November 18, 2003 12:03 PM
> To: full-disclosure@...ts.netsys.com
> Subject: RE: [Full-Disclosure] Sidewinder G2 
> 
> 
> On Tue, 18 Nov 2003, Kruse, Steve <Steve.Kruse@...elandgov.net>
> wrote:  
> 
> > Repeated "hacker challenges" by Secure Computing against 
> the Sidewinder
> > have proven it hasn't been compromised.
> 
> "Proven" is much too strong a word.  See:
> 
http://www.schneier.com/crypto-gram-9812.html#contests

- -- 
Brent J. Nordquist <b-nordquist@...hel.edu> N0BJN
Other contact information:
http://kepler.acns.bethel.edu/~bjn/contact.html
* Fast pipe * Always on * Get out of the way - Tim Bray
http://tinyurl.com/7sti

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBP7pgEjMU133fx9hIEQKiSACguBmBadHYSjlV+ZYBmHi028viPLoAn1pd
q7Pr2om9md5nHVEU3aVFmws+
=Murr
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ