| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: ratel at mailvault.com (ratel) Subject: Please post to the list -----BEGIN PGP SIGNED MESSAGE----- > >On 22-Nov-2002 12:19:52 -0500, you wrote: > > >>in your ideal world, how would you help > >> me stay secure and prevent all the attacks that bludgeon my network? > > >>This is a legitimate question, and I would appreciate a legitimate > >>answer, rather than the usual blather that has dominated this list. > > > >Two words: AIR GAP. > > Not an option, therefore not worth discussing. Actually, it is an option, just not one you're in a position to take. Someone in your institution chose convenience over privacy long ago, fine. So did nearly everyone. But you can't pretend it's not a tradeoff. >do you really think those delightful fellows >employed by JTF-CNA, NSA &c. really run to tell Microsoft and other >vendors everytime they find a hole/sidechannel/backdoor in their >software? Do you honestly think any man jack of them spends two seconds >concerning himself with this kind of anguished hand-wringing debate? > Do you really think the average sysadmin cares? No, not at all. I know the average American doesn't give a damn about anything beyond comfort and convenience. Who cares about abstract ideas, what governments do or what's happening our civil liberties as long as we've all got our cushy sysadmin jobs, TV, porn, and cold beer, right? I think the fact that so many intelligent and talented people are so complacent and apathetic is a real shame. >All this is nothing but side-show to distract from the weakness of the blackhat argument. Where did that come from? I'm not trying to distract anyone from anything. I speak for myself and only myself, my arguments are my own. The points I made might be a "side show" to you in the context of the past six months worth of discussion here, but you can't dismiss what I'm saying by referencing someone else's posts. I tried to put the dicussion in a broader framework, that's all. You sidestep the whole issue of the implication of governments being all-too-willing to keep vulnerabilities to themselves by dragging in something somebody else happened to have said in the same forum. Good job. > >Forget it. In their world, full disclosure is irrelevant. Dead. A bad > >joke. Grow up and stop kidding yourselves. > > I'm not the one kidding myself. So you actually mean to say you think JTF-CNA analysts believe in full disclosure? Oh wait, you don't care. Nevermind. Dream on. > Do you lay awake at night to think this stuff up? It's really comical. Unfortunately, I do lay awake at night about what's happening to this country. I wonder how bad it'll have to get before you quit feeling so smug and stop laughing too. Ratel. *** "Americans used to roar like lions for liberty. Now we bleat like sheep for security." - Norman Vincent Peale. -----BEGIN PGP SIGNATURE----- Version: MailVault 2.2 from Laissez Faire City http://www.mailvault.com iQA/AwUAPd8pGOYNtyh3zif9EQJqZwCbBegQ0JuEqlN9uzJEaDCRnhy0C2cAmgLf aAjbs6xnCDnQ8m6JV4y5AGny =4spf -----END PGP SIGNATURE-----
Powered by blists - more mailing lists