lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: dufresne at winternet.com (Ron DuFresne)
Subject: Re: January 15 is Personal Firewall Day, help the cause

Look folks, it's Friday, and almost the start of a long weekend here in
the Us <woohoo! we love long weekends>  and I just don;t wish to spend it
replying to all the eggheads trying to disparage someones attempt to do a
good thing<TM>.  So, my last to the list on this topic before the long
drive home, is this short exchange between me and Paul Robertson about
this lists thread on the topic <thanks for permission to post this Paul>
headers removed to lighten the bandwidth consumption just a tad;;


 ---------- Forwarded message ----------
Subject: Re: not sure

On Fri, 16 Jan 2004, R. DuFresne wrote:

> if you follow fulldisclosure, but thor larkholm put out a notice there and
> a few other lists about personal firewall day.  And many  on the full

I saw the early ones and replied off-list to one poster, but I'm not
directly subscribed to full-disclosure.  Feel free to pass along anything
or this message if you think it's appropriate.

> disclosure list have mis-interpreted this event as a marketing ploy by M$,
> tru-secure and a number of anti-viri vendors and personal firewall

1.  TruSecure doesn't do home user things[1] and the Web site is hosted on
my personal machine[2].  I tried at first to do this as a completely
community-sponsored event, and got lots of "Great idea!" but no help from
anyone other than Russ Cooper[3] content-wise.

2.  I went to the vendors, and "sponsorship" meant they put time and
effort into the event.  That's it.  No money, nothing in trade, just
actual work on the project.

3.  I don't even run Windows.  My comments on Windows are pretty evident
to anyone with access to Google.  Despite that, Microsoft stepped up to
the plate and provided excellent resources, as did the personal firewall
vendor that I started this whole thing saying bad things about at the
NTBugtraq retreat.  All the vendors allowed me final say in what got
posted- despite the fact that I've said not nice things about them.  I
won't stop being me anytime soon either.

4.  This was targeted at consumers- you know, the folks who're nothing but
victims?  The content was made to be consumer-level, the message was to
get some protection.  It wasn't aimed at getting them to switch software,
turn into security gurus, or conflict with "Computer Security Day,"
"Anti-Virus Day," or "Whine about someone else trying to do something
positive Day."  Obviously it did conflict with the latter.

5.  The start of this was a question I got when I was busy shooting down
other's ideas for making the general Net better- "What would you do?" So I
said "well the easiest thing is to stop all the compromised Windows boxes
that are zombies and spam relays, and the quickest way to do that is with
a personal firewall..."  So it started.  So far nobody shooting this down
has stepped up and done anything better, and I doubt I'll be holding my
breath- but if they do, I'll support it if it IS better.

6.  I'm not, and never have been in marketing.

[1]  Arguably, ICSA Labs has an interest in the vendor stuff, but they
were too busy to get involved.
[2]  I take the threats against my server quite serioiusly.
[3]  Russ and I both work for TruSecure, so that's how the TS/Labs logos
got put on the site.  W/O any participation by our marketing folks.

> vendors.  It's really been quite an outcry of fowl by many of the new kids
> on the IT sec block.  You might wish to look in and checkout the turmoil
> <smile>.
>

It generally takes about 10 years for people to get past the "folks will
use better software if they're informed!" stage- some of us took longer
than that.  Ah well, I'm glad it's all downhill from here, but it was a
great learning experience.


Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts@...riot.net      which may have no basis whatsoever in fact."
probertson@...secure.com Director of Risk Assessment TruSecure Corporation

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ