lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200309270209.h8R29rh00354@netsys.com>
From: matsu at mailvault.com (Matsu Kandagawa)
Subject: An open question for Snort and Project Honeynet

-----BEGIN PGP SIGNED MESSAGE-----

> Who is making a "non-detectability" claim, and in what context?  I
have 
> no reason to claim that no one has, I just haven't seen it.
> 
> 						BB


Fair enough, but I sure haven't seen anyone doing much to point out
their limitations and cataloging their points of failure. Not to metion
taking a full inventory of every respect in which your systems respond
differently from real ones. Maybe I just haven't been talking to the
right people or listening carefully enough, anybody up for a white paper
to fill everyone in?

If your sponsors haven't asked for a third-party audit of your tools and
deployed systems from an attacker's perspective, they ought to. Really
give it both barrels and see what you're left with. If the answer is
"but we have!" then in my opinion you really ought to start looking
around for that third party. Tear it down, build it up--what else are
you getting paid for.

Frankly, I'd like nothing better than to discuss more of what I had in
mind, but unfortunately my ass is so 0wned by [this space intentionally
left blank] that it seems I can't even take a shit without signing a
release form. 

M.


-----BEGIN PGP SIGNATURE-----
Version: MailVault 2.2 from Laissez Faire City http://www.mailvault.com

iQA/AwUAP3Tw7GM5xTGTuR0REQIyBACeJELn8egcz+mjNNK4q6dvnzDsXd8AoNvE
jviCR2DWn+n4/O6nU3ForiU2
=w8pq
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ