| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <470E9961.2090501@vanderkooij.org> Date: Thu, 11 Oct 2007 23:45:05 +0200 From: hvdkooij@...derkooij.org To: bugtraq@...urityfocus.com Subject: Re: Remote Desktop Command Fixation Attacks pdp (architect) wrote: > Thor, with no disrespect but you are wrong. Security in depth does not > work and I am not planning to support my argument in any way. This is > just my personal humble opinion. I've seen only failure of the > principles you mentioned. Security in depth works only in a perfect > world. The truth is that you cannot implement true security mainly > because you will hit on the accessibility side. It is all about > achieving the balance between security and accessibility. Moreover, > you cannot implement security in depth mainly because you cannot > predict the future. Therefore, you don't know what kinds of attack > will surface next. > > Security is not a destination, it is a process. Security in depth > sounds like a destination to me. Security in depth is neither a destination nor a process. It is a state of mind. Each part should take care of itself. And it should be as secure as possible in each step. Hugo. -- hvdkooij@...derkooij.org http://hugo.vanderkooij.org/ Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger.
Powered by blists - more mailing lists