Date: Sun, 16 May 2010 19:08:26 +0000
From: "Thor (Hammer of God)" <Thor@...merofgod.com>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Windows' future (reprise)

The error in your overall thesis is your failure to identify the difference between threat and risk.  You are interacting with Symantec's report of "x new threats" as if it actually means something, or more specifically, that these new threats somehow translate into some new level of risk.  They don't.

According to Stephen Hawking, there are new threats emerging based on the statistical probability of the existence of aliens.  Therefore, a "threat" exists where I may be struck in the head by a falling block of green alien poo, frozen in the atmosphere after being flushed out by a passing pan-galactic alien survey ship.  However, the actual *risk* of me being hit in the head while walking to a matinée of The Rocky Horror Picture Show doesn't dictate that I apply a small mixture of Purell and Teflon to my umbrella and fill my squirt gun with alien repellent.

The risk of me personally being struck by falling alien poo is *far* lower than the risk of any one of the almost 7 billion people on the planet being struck by falling alien poo.  You may be able to calculate the risk of my being poo'd in relation to any given human being poo'd, but no level of math will allow you to determine what my or any other person's individual chance of being poo'd is.

Your argument would call everyone to change the way they protect themselves from falling alien poo out of the mere existence of a threat without really qualifying the associated risk.  That does nothing for anyone, and would only cause a rise in the cost of umbrellas and squirt guns and would probably result in the theater putting the kibosh on Rocky Horror completely and charging people to watch Born Free.  (Insert clever association of "Born Free" with "free" open source products here.  See what I did there?)

Further, the basis of this "threat" is that you would actually have to trust what Stephen Hawking is saying in the first place.  In his case, there really isn't any way to know that he's the one saying it, is there?  For all we know, the ghost of Carl Sagan could have hacked into his computer and has made Mr. Hawking's requests to have his Depends changed translated into "run for your lives, the aliens are coming, the aliens are coming"  when his computer talks.

My point is that you are taking threat statistics from Symantec that don't mean anything on their own, as there is no definition of how those threats would apply to any given system, and directly converting them into some global level of risk - and you are doing so to such extremes that you actually conclude that the solution is to do away with Microsoft products based on some unproven and imagined postulate that closed source is somehow at the core of the issue while at the same time admitting you don't know anything about the platform.   The fact that you are actually using Windows and programs written with Visual Studio out of convenience to you critically damages your argument.  If you as the author of this idea refuse to migrate from Windows or applications written with Windows development products and frameworks just because it is *not convenient* for you, how could you possibly expect anyone supporting any infrastructure of consequence to take your advice or even consider your ideas as anything other than hysteria when they would have to engage in unfathomable expense, effort and time to create a total and complete paradigm change in their business simply to try to defend against being hit by falling alien poo?

t


>An interesting point - Unicode?
>
>I don't think 5Mb files are infeasible, especially as time passes,
>that'll be just a blip before long.
>
>Stu
>
>On 15 May 2010 at 14:59, Christian Sciberras wrote:
>
>Date sent:      Sat, 15 May 2010 14:59:46 +0100
>Subject:        Re: [Full-disclosure] Windows' future (reprise)
>From:   Christian Sciberras <uuf6429 () gmail com>
>To:     stuart () cyberdelix net


