Open Source and information security mailing list archives
 
Message-ID: <20030922200427.GD35858@netpublishing.com>
From: ggilliss at netpublishing.com (Gregory A. Gilliss)
Subject: Is Marty Lying?

Peter:

Intrusion Detection systems are designed to detect intrusions. Period.
No one AFAIK has yet developed the Intrusion Prediction system. If you
have an alpha version lying around, pls respond with a link. I'm sure
that you will quickly be deluged with download requests =;^)

Reactive is the nature of the beast, a point that has been rehashed many 
many times here and elsewhere. No finite state machine can anticipate or 
detect the virus that I am right now writing, unless I foolishly make part
of the binary match an existing sig. There will *always* be a latency
between action and response. One of the things that people on this list
do is attempt to assist each other in minimizing that latency.

Now, if we could only get some of the vendors onboard >-)

G

On or about 2003.09.22 21:23:52 +0000, Peter Busser (peter@...steddebian.org) said:

> Hi!
> 
> > > 3) Why the fuck do people still think signature-based IDS is worthwhile?
> > Give us another solution. Are you saying anomaly based ids signatures are
> > _worthwhile_?
> 
> The problem with IDS systems is the same problem that currently available
> virus scanners have: They work reactively and not proactively.
> 
> Making machines harder to break into and improving ways to enforce a security
> policy (e.g. by using Mandatory Access Control (MAC)) would be one way to
> proactively deal with security.

-- 
Gregory A. Gilliss, CISSP                             Telephone: 1 650 872 2420
Computer Engineering                                   E-mail: greg@...liss.com
Computer Security                                                ICQ: 123710561
Software Development                          WWW: http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3

