lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <91817e68cc7a653c4d5fe6bc6ec50b544006fa7f@watchguard.com>
From: dufresne at winternet.com (Ron DuFresne)
Subject: UTTER HORSESHIT: [was January 15 is Personal
 Firewall Day, help the cause]

On Thu, 15 Jan 2004, Mary Landesman wrote:

> Interpretation is subjective, but I have always interpreted the Sam Spade
> rant to be directed at the alerting many of these PFWs do, vs. the actual
> effectiveness.

I read the rant there as a fed up admin/code warrior tired of dealing with
bug reports due to PFW's blocking his samspade apps capabilities.

> In fact, his point seems to be to get a hardware-based
> firewall.

Not only is it not an option for most home based users, even if it was, in
the vast majority of cases it's not going to lower the issues broght to
his desk about his samspade app or similiar apps cause even a HW based FW
requires the proper tuning and training to do it's job
correctly/near-perfectly.

Most folks with a new PC from x-mas or a b-day or graduation do not have
the funds to keep a sec expert on contract for the time it's going to take
to do this.  Sure, sure, HW fw's often com preconfigured with some level
of effectivness,just like the SW version tend to offer 1-3 levels of
preconfigged 'protection modes' to those that rely upon them.  But, what
we have to remember is;  ONE SIZE DOES NOT FIT ALL.  Even in the home
user/non-professional categrories.

But the objective  or personal FW day is to;


enlighten thse that are not IT professionals

to get IT pros to share a bit f their time and skills to do the
enlightening and perhaps some tuning and training for their friends,
family, etc...

And damn, if folks don;t like the SW-PFW idea, then spends the extra time
and most likely a few of your own har earned bucks and get these folks a
HW based set of protections, afterall, it's in our own best interests to
see as many folks getting a clue or partial one, and a bit of defense
setup.

Of course, there are many that will prefer to stand still, cry FUD and do
not a gawd damned thing.

	 The Good thing about potential is
		 as long as you do nothing
			 you'll always have it.


	[the rest of a decent post and a few whiners statements SNIPPED]

Thanks,


Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
	***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ