lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <Law15-F62qLS7KLBFFU00028c3e@hotmail.com>
From: likewhoa_666 at hotmail.com (John Ruppert)
Subject: [OFFTOPIC] Zone Alarm

>From: "Robert J. Liebsch" <rliebsch@...neyamashita.com>
>To: "Michael Reilly" <michaelr@...co.com>,   "Schmehl, Paul L" 
><pauls@...allas.edu>,   "Kurt Seifried" <listuser@...fried.org>
>CC: "Ben Tyson-Norrman" <ben@...waytv.co.uk>,   
><full-disclosure@...ts.netsys.com>
>Subject: RE: [Full-Disclosure] [OFFTOPIC] Zone Alarm
>Date: Wed, 4 Jun 2003 16:45:28 -0700
>
>I have on asbestos underwear, so I am prepared for your flames...

asbestos sounds much like a big bird's name.

>However,

please, yes.

>Because security is inconvenient does not make it irrelevant. You do have
>your car serviced? You do
>go see a doctor regularly? You do perform maintenance to your home?
>....don't you?

Well that is personal. I would not want people to associate me with a home 
see doctor maintenance system. But hey, if foo is inconvenient the sentence 
"foo is inconvenient does not makes it irrelevant." is true. However, yes, 
this sentence can apply to anything that is irrelevant and has been 
discarded from your argument list.

>How can you expect the right thing to be easy? You must have at least NAT
>running on a fairly safe box.

just 'echo 1 > /proc/sys/net/ipv4/ip_forward` # Right thing. see the 1 ?

>Everything, software/hardware/firmware/you/me/the damed dog have security
>vulnerabilities. Safe sex is
>everyone's responsibility isn't it? Safe driveing is everyone's
>responsibility. Safe gun handling. And we all
>know what happens.

All this is inconvenient but it does not make it irrelevant.

>Come on. If we don't make demands that people wake the hell up and be
>responsible human beings, and
>responsible computer users... Give up and get a different career on a
>different planet. I have a VERY small
>office. Only 30 users. But EVERY one of them has DSL at home. Every one of
>them has hardware providing
>NAT, every one of them has system monitoring utilities and antivirus
>utilities, every one of them has much
>more than the basic precautions taken. But now, two years later, they take 
>it
>as a given. As a requisit for
>computing in this information age.

You are loosing your head over a firewall discussion, my friend.
And anyways, how do you think it affect them to run an irc server, or two if 
they don't know it ?

>My users, my lame ass users who forget how to print, who can seldom 
>remember
>how to zip a file, or any
>number of other things users don't  know how to do because they weren't
>practiced.... They laugh at people
>who don't concider some security issues.

Laugh.

>Take your stance a little bit further...
>
>How many sysadmins, netadmins, secadmins don't follow policy? How many skip
>security because its too hard.

None. The question you should have asked is how many real sysadmins, 
netadmins, secadmins are left on the planet.

>Because its too complicated, because it takes too long? I know how many. 
>Look
>at the penetrations, look at
>the defacements. This is everyones issue. This is not offtopic.

I must say I do think it is off topic, my friend.

>Lets take this further still...
>
>Suppose you don't expect users to do this. Suppose I plant a zombie on your
>users machine because all they
>had was Zone Alarm, or better yet, Nothing at all. Now your user comes to
>work. My zombie says "hey, this address
>is an RFC1918 address, Time to wake up and go to work." Then I can weasle 
>my
>way in to your very well
>maintained network.

End-user are probably mostly stupid and you said it earlier.
Stupid people do not really care about intelligent matters.
Intelligent people do not really care about what is stupid.

>This isn't easy. Neither was getting people to take a bath during the
>plagues. Neither is carrying herpes because
>you didnt wear a condom, Netiher is burying family because you didn't put
>your gun away, or put on a saftey
>belt...

m00

>off topic? How?

You are talking about a social problem, my friend.
This is not a security question, it is already identified.

    -likewhoa
How do you plan to change the world today ?

_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN 8. 
http://join.msn.com/?page=features/junkmail


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ