From: toddtowles at brookshires.com (Todd Towles)
Subject: RE: MS should re-write code with security in mind

Whitehats are mostly losing. Network administrators that have no sense of
security are losing. Are all networks open to something? Yep, but you can
reduce your risk if you try. No network is safe from hackers 100% and no
hacker is safe from the law 100%. We all take our chances - sometimes on
both sides...

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Clairmont,
Jan M
Sent: Friday, August 20, 2004 9:46 AM
To: full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] RE: [Full-Disclosure]MS should re-write
code with security in mind

Glenn:
Not to take issue with the performance of encryption, but what good is
performance when it's all spent processing spam, malware, trojans,
spyware and all the other cr*p that downloads.
Even things like spybot, zone alarm etc. do not prevent any of the junk
that gets loaded thru mail and port 80, plus any other vulnerabilities
that continually open up.

I would gladly take performance hits for reliability and the end of
endless spam, vuls, and spyware that constantly attach to my clients as
well as myself.

Anyone in the real world knows how impossible it is to totally lock down
a large commercial network.  To do business you need to open at least
one window to the hellish nightmare of the internet.  Plus router,
firewall, switch, modem, atm endless list of vulnerable systems... It is
a never ending battle, and for the most part the white hats are losing.
So what is the alternative?

Go to a totally secure network computing system like the military?

It seems we may have no choice.



Jan Clairmont
Firewall Administrator/Consultant
(302) 323-3616

-----Original Message-----
From: Glenn_Everhart@...kone.com [mailto:Glenn_Everhart@...kone.com]
Sent: Thursday, August 19, 2004 10:53 AM
To: Clairmont, Jan M
Subject: RE: [Full-Disclosure] RE: [Full-Disclosure]MS should re-write
code with security in mind


Encryption is one scheme that gives access control. It is one of the
more expensive alternatives out there for this, and people using it
often get the key management wrong and vitiate their entire efforts
while sweeping the problems under the rug.

When I invented the cryptodisk back in the late 70s I noticed the first
version (using a DES algorithm) would allow the processor either to be
doing useful work, or encrypting/decrypting disk. I therefore added a
much weaker but faster algorithm as an alternative (for more benign
environments) that at least permitted both.

Machines today are much more capable, but overdone encryption is still
capable of eating serious amounts of their performance.

Glenn Everhart


-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Clairmont,
Jan M
Sent: Wednesday, August 18, 2004 2:01 PM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] RE: [Full-Disclosure]MS should re-write code
with security in mind



M$ should just bite the bullet and re-write windows with security in
mind, give it a true process scheduler, multi-user
with windows as a client server processes.  Build in 256 bit encryption
and secure communications between processes and external communication
with no unencrypted traffic.  That would shut down a lot of these
mindless security leaks.  All mail should be encrypted and
point-to-point, with the mail servers only able to re-direct and
broadcast mail with authentication. Maybe we could slow a lot of the
hacking down and spam. But again until the market place demands it M$,
Linux and everybody else it's business as usual.

Keeps us employed I guess.

Jan Clairmont
Firewall Administrator/Consultant

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

