| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri Apr 1 01:03:04 2005 From: webcenter at sapo.pt (Nuno Costa) Subject: RE: [ISN] How To Save The Internet hello all, about saving the internet, i wil talk about smething more simple... i work in a ISP, and in this days we dont need to work in a ISP to understand that a lot and a lot of people connects to the internet and don't know what's is a desktop or don't know what is IE, and nothing... in this days if we need a drive license to drive a car, i think?we need to start thinking and giving license to surf on the internet... if a car can kill someone, a computer from someone in the world can cause a big damage to a company, or to particular individuals, in this days write a virus, and put him rolling on the internet using a computer from someone is a task very easy i think... why botnets... why virus... why and why etc... ??? maybe is a very stupid now but one day maybe this licese to surf on the internet, will be a very important way to not to save the internet but how to be more secure for everyone... teach people what is a fw, av, how see a netstat commandand understand it, etc... we just like to say why microsoft do this and this, why they take so long to resolve security problems, when the big problem is not the OS but i think the user... i don't think this?license will not?"save the internet" but will help... saving us from someone else... regards Nuno Costa? Citando Arndt.WA@...ces.gc.ca: Jason Coombs wrote: > > David Gillett wrote: > > are the various rights of the owner > > of the CPU, the *operator* of the > > CPU, and the owner of the *data*, > > each of whom may have a more or > > less legitimate say in what code > > actually gets executed. > > Nonsense. Absurd, ridiculous nonsense. > > There is only one party who has any say over what code gets > executed by a CPU: the owner of that physical property. > > Everyone else can go fly a kite. Hold on. If you're dealing with a large company or government department, who "physically owns" the computer in question, you can't tell me that they're going to micromanage exactly what goes on with that system. They'll delegate the authority off to someone who'll actually run the equipment. That sounds like an "*operator* of the CPU" to me... > > Take your intellectual property fantasies and your heady > legal concerns to law school, they have no place in security > technology. I don't read "intellectual property" anywhere in David's position at all. He quite rightly separates the three obvious stakeholders in any computer system, be it a desktop or a huge data storage facility. When you're dealing with a system that's primary function is serving up reams of data (say a database), the access to that data will involve someone running "code" (read: an application). This access cannot be controlled solely by the maintainer of the computer(s) and other equipment that make up the DB. Similarly, isn't going to be the DBA, who's role is to maintain the data contained in the DB, either. In this example, a user running queries against that DB is exercising control and most certainly has a "say in what code actually gets executed" as a result. I don't think I need to point out that this user could even be someone external to your organisation, but I will anyway... > I'm not trying to flame or troll here. I just think that in the world we live in now, where computers (and the CPUs they contain) are "operated" by various stakeholders, it is a hard sell to say that only one entity controls the resources in question. As the "owner" of the CPU, you might be able to say when it will be available (NO, I don't like you. Power off), but this won't help the bottom line. Same thing with an the folks assigned the role of "operator" - they're there to enable the business, not impede it. Users, be they your own or the customers your system is designed to serve, will always get a say. The issue here, as I see it, is to properly govern how the rights assigned. Like it or not, we're all here to ultimately make the end users happy. Besides, isn't security supposed to support and improved your operations? Your approach would, IMHO, do the opposite... Alex Arndt CISSP, GCIA Fale com MSN, ICQ, SAPO, Telepac e Netcabo, envie e receba SMS, bocas animadas e muito mais. Consulte http://messenger.sapo.pt para conhecer e instalar totalmente GR?TIS o novo SAPO Messenger.
Powered by blists - more mailing lists