lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <01df01c38604$e5995bd0$0a00a8c0@LUFKIN.DPSOL.COM>
From: purdy at tecman.com (Curt Purdy)
Subject: [inbox] Re: CyberInsecurity: The cost of Monopoly

I wasn't refering to the SMB community, but IMHO even they will be choosing
simplicity (don't think I've ever used that term with Microsoft considering
their use of a registry as one example) over security that will someday bite
them in the butt. The paper was refering to the government and society in
general.  Even medium businesses and larger better get their head out.

One of my standard rec's after auditing Windows networks is to go to Netware
or UNIX on the server side and Linux on the client-side.  With Open Office
and Crossover, 90% of Windows can be eliminated while introducing a MUCH
more secure networking environment.

The following sentence from the work cannot be argued and it applies to
networks as well, "In the broadest sense, economic diversification is as
much the hallmark of free societies as monopoly is the hallmark of central
planning."  And we all better wake up and see that Microsoft is the "central
planner" here and Bill Gates is Big Brother.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity zar Richard Clarke


-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Florian
Weimer
Sent: Sunday, September 28, 2003 3:21 AM
To: Curt Purdy
Cc: 'Rick Kingslan'; '*Hobbit*'; full-disclosure@...ts.netsys.com
Subject: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of
Monopoly


On Sat, Sep 27, 2003 at 01:12:01PM -0500, Curt Purdy wrote:

> I think we have lost the point of the thread CyberInsecurity: The Cost of
> Monopoly which states your exact point that diversity is the most
important
> aspect of network protection.

I often hear such claims, but I'd rather see companies to allocate
adequate resources to deal with a uniform computing environment.
Currently, most companies with such an environment do not deploy *any*
countermeasures.  There was a wide range of options to counter the
recent malware waves, yet many organziations did nothing.

Diversity is good, sure, but unless you can afford the costs of a
workforce which is equally skilled on very diverse platforms, you just
make things worse.

Furthermore, some aspects of diversity are already creating huge
problems, e.g. mobile devices which are not configured according to
company guidelines, but are nevertheless connected to the company
network.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ