lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: hhoffman at ip-solutions.net (Harry Hoffman)
Subject: Show me the Virrii!

Hi,


Quoting Valdis.Kletnieks@...edu:

I'm not sure that not protecting against known threats is a good idea. The
willingness to accept a "0-day" is limited by the necessity of Internet usage,
which (usually today) is a nesessity.
Not to protect against known virii would be negligent and lazy which is why most
modern OS's provide these "fixes" as patches to eventually become part of the
main OS.


Cheers,
Harry


*> Why?
*> 
*> Think it through - the Big Boys may have 6,000 patterns in their database,
*> but
*> let's face it, after the first few dozen, it's just penis-extender time.
*> 
*> Remember we're hopefully trying to *manage risk*.  And let's be honest with
*> ourselves here - which is more likely to show up at the virus scanner, a
*> copy
*> of Michelangelo, or a new Klez/Sobig/Gibe variant that neither you nor the
*> Big
*> Boys have a pattern for because it only came out 4 hours ago?
*> 
*> But you're perfectly willing to accept the risk of a 0-day that you don't
*> have
*> a pattern for, so why should you be unwilling to accept the risk of
*> something
*> even less likely?
*> 


-- 
Harry Hoffman
hhoffman@...solutions.net

#----------------------------------------------------------------#
# Harry: version 4.0a                                            #
# Known bugs:                                                    #
# 1) Verbal output may occur before data processing is complete. #
# 2) Loudspeaker option may activate without being invoked.      #
# 3) Other bugs as reported                                      #
#----------------------------------------------------------------#

-------------------------------------------------
This mail sent through IpSolutions: http://www.ip-solutions.net/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ