| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu) Subject: Re-write with security in mind all ops. On Mon, 23 Aug 2004 14:22:42 PDT, "Gregory A. Gilliss" said: > People, believe it or not, before there was Dubya, before there were mad > rag heads disgracing one of the world's most civilized religions, before > Sir Tim Berners-Lee <Gack> 'invented' the Web, there was a network of people > who shared information pretty freely and who, occasionally, would shell > out of an app and gain root somewhere. All in all, it wasn't bad at all. Yes.. I was around in that day and age. However, I'll also note that by and large, the people who would occasionally shell out weren't the sort of people who were actively trying to blow me up. Also, calling them "mad rag heads" is a bad idea - considered as a purely military matter, they managed to pull off an operation that caused 3,000+ casualties on our side and only 19 on theirs. Militarily, we got our butts kicked. And 3 years later, after invading 2 countries, we still don't even know where their leader is. They're tech-savvy, using crypto to good effect, and ditched their use of cell phones when they learned we knew how to track them. Consider that a very large chunk of our info was only obtained when we accidentally busted our own mole in the organization - what does that tell you about relative skill levels? ObSecurity: Demeaning the enemy with labels may be good training for Marines, where dehumanizing the enemy to make it easier to kill them in combat may be a good idea. It's a bad idea when trying to out-guess a clever opponent's next move, when you know beforehand they're at least as clever as you. > Now we have "no unencrypted links" which is a nice way of saying "I bet > I can keep you off my swings". Funny how someone with a citigroup.com > email is making such bold security claims. Two words - Vladimir Levin. On the other hand, note that Citigroup is a bank and financial services organization. Would *YOU* trust a bank that *didnt* say "I bet I can keep you off my swings/vaults/account info"? Would you trust a bank that didn't do all reasonable steps to secure themselves (and in this day and age, there's little to no excuse for an unencrypted link for critical data)? Personally, if I found my bank *wasnt* making such "bold security claims", I'd find a new bank quickly.... > In case you haven't figured it out yet from the caustic replies you've > received, around here the only credibility is clue. Abbreviations and > boasting count for diddly. One of the more ironic things I've seen on this list to date.... -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040823/1a0424e2/attachment.bin
Powered by blists - more mailing lists