Open Source and information security mailing list archives
 
Message-ID: <15533237421C6E4296CC33A2090B224A54CA12@UTDEVS02.campus.ad.utdallas.edu>
From: pauls at utdallas.edu (Schmehl, Paul L)
Subject: Who's to blame for malicious code?

> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com 
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of 
> Tobias Weisserth
> Sent: Tuesday, January 20, 2004 11:42 AM
> To: Mary Landesman
> Cc: full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] Anti-MS drivel
> 
> This is too easy. It's the same with guns. People always 
> blame the people who pull the trigger but the fact that guns 
> are soooooo damn easy to get, even for minors doesn't startle 
> a soul...
>
This is a ludicrous argument.  Do you seriously believe that if all guns
suddenly disappeared that murders would cease????  But this is
completely off topic, so I'll leave it at that.

Returning more to the topic at hand, I agree with Mary that the writers
of malicious code are to blame for much of the present problems, but I
also think users must take some responsibility as well.  So should the
writers of software.  It's been proven conclusively in the US, IMNSHO,
that you cannot legislate good behavior, no matter how much the
politicians try, mostly to society's detriment.  All the warnings in the
world won't stop some idiots from flying to Nigeria to pick up their
commissions, and all the security in software that you can possibly
design in won't stop some people from doing stupid things that
compromise their machine, *regardless* of how well designed it is.  You
need only look at the number of compromised Unix machines worldwide to
realize that the OS isn't the problem.

In a perfect world, no one would write malicious code, and the OS you
use wouldn't matter at all.  But we don't live in a perfect world, do
we?  Yet, no matter what OS you use, you can find *someone* whose
machine is compromised.

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 

