| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 16 Dec 2010 12:06:03 +0100
From: Christian Sciberras <uuf6429@...il.com>
To: lists@...com.org
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Making Security Suck Less
I might be lead by the leash on your little rant here, but let me say one
thing...
Half of the enthusiasm I had for your post evoparated after;
"How many of you have ever had a virus, scareware, cracks, hacks, or
spontaneous reboots even though you've got your wares updated and patches
installed? Many of you are keeping your hands up."
Enthusiasm simply got replaced with some doubts after reading...
"Why did so many buy into the crap about "There's no such thing as perfect
security." and "Security is a process."? Why?"
An unused harddisk under several meters of concrete is perfectly vulnerable
to all kinds of attacks.
Let alone servers which are supposed to be running 24/7.
I'm sorry, but your rant is unrealistic. The next best approach to
patch-test-release would be not releasing anything at all.
Just my 2cents-worth.
Chris.
On Thu, Dec 16, 2010 at 8:46 AM, Pete Herzog <lists@...com.org> wrote:
> Hi,
>
> "Now not everything about the old security model is bad. Personally, I
> really like the Zen feel of it. It's like raking the fine, white,
> beach sand into those concentric lines and around rocks and dead fish
> and stuff. It's very Zen. Then as the tide rises, the wind blows, and
> Frisbees get badly thrown you have to do it all over again in a very
> Zen way like this: Install. Harden. Configure. Patch. Scan. Patch
> again. Update. Re-configure. Scan. Patch again. Uninstall. Re-install.
> Configure. And then you do it all over again! With so much Zen
> practice it's hard not to become a Master of the security repeat
> cycle. But you know what else is Zen? NOT doing that. It's less
> stressful to maintain an existing balance between operations,
> limitations, and controls then running around and putting out fires."
>
> This is from my new article called, "Making Security Suck Less" you
> can read finished at:
>
> https://www.infosecisland.com/blogview/10304-Making-Security-Suck-Less.html
>
> There's some more, new articles reviewing the OSSTMM and the new
> security model at InfoSec Island here:
>
> https://www.infosecisland.com/osstmm.html
>
> Sincerely,
> -pete.
>
> --
> Pete Herzog - Managing Director - pete@...com.org
> ISECOM - Institute for Security and Open Methodologies
> www.isecom.org - www.osstmm.org
> www.hackerhighschool.org - www.badpeopleproject.org
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists