lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: dufresne at winternet.com (Ron DuFresne) Subject: automated vulnerability testing On Sun, 30 Nov 2003, Jonathan A. Zdziarski wrote: > > > Aren't such measures -- especially the former -- simply crutches that > > effectively _encourage_ the continuation of poor (even downright > > negligent) programming practices? > > Only to the extent that TCP wrappers and firewalls are simply crutches > to effectively encourage the continuation of poor systems > administration. > > Quite a flaw in logic there, I'm sure you meant; Only to the extent that TCP wrappers and firewalls are simply crutches to effectively encourage the continuation of poor systems networking protocols that already exist. Being that the flaws are inherent to the network protocols in use. Admins have long known how to lock a system down, and keep it that way, remove all users and limit access and functionality. That tends to make the system far less then useful. But, the core issue lies with the networking protocools that are meant to make iintersystem communications actually happen. There was no security within their design, security was the lowest factor in the developers mind at the time. And of course a rewrite of all that code and then pushing that to the internet-citezenry at large would be fairly daunting eh? Look how well the conversion from ssh1 to ssh2 has progressed... Thanks, Ron DuFresne
Powered by blists - more mailing lists