lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 24 Dec 2006 09:43:01 -0500
From: "Brian Eaton" <>
To: "Michael Zimmermann" <>
Subject: Re: comparing information security to other

On 12/24/06, Michael Zimmermann <> wrote:
> are the computer systems at large nowadays more secure than
> - say - ten years ago?

Some systems are.  But not because the software has gotten any better.
 Organizations have gotten better at defense-in-depth.

Consider patch management systems.  A decade ago, most companies
barely had one at all.  Today, companies are evaluating, verifying,
and pushing out patches within days of their release.  More networks
are isolated behind firewalls, and lots of workstations are using
host-based firewalls.  Even the low-end consumers have gotten better
at this: lots more people are using SOHO routers with firewalls
instead of a cable modem with a wide open internet connection.

The attackers have gotten better as well.  But even when the attackers
successfully exploit a new vulnerability, organizations are better
prepared to deal with the consequences.

You might see another codered type vulnerability in IIS, but there is
no way it would do as much damage as the original worm.


Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

Powered by blists - more mailing lists