On Tue, 12 Mar 2002, Erik Curiel wrote:

> One of the most far-fetched scenarios I've heard in a while, but sure, I
> can conceive of it.  Am I going to live my life trying to guard against
> every single problem I can conceive of?  No.  You can't guard against
> everything.  You weigh the benefits of having "." in your path (ease of
> typing) versus the possible dangers you're exposed to and the likelihood
> of those dangers occurring (*if* you make exactly the typing error that a
> malicious hacker has counted on you to make in *exactly* the directory he
> knew you would make it in, you're fucked), and you see where you fall on
> the cost-benefit analysis.

it's not a far-fetched idea. you want a cost benefit analysis? i can give
you one. security is about risk management, sure. yeah, the malicious
hacker would have to wait around for something that might happen. but hey,
you know what, i've seen it occur in the wild. it's not the most common
exploit, but it is available, has been used, and will be used again. the
reason i know this? people assuming that it isn't a security risk.

> Open and shut case either way?  Not to me.

do you have any users on your box besides yourself? if not, then sure.
it's an open and shut case. but if you have external users, it's not.

> I suppose I just don't have Brandon's incisive brilliance, though, that
> can not only make such a judgment for himself but also make it once and
> for all for every other person and situation imaginable.  And to do it so
> quickly!  It must be a heavy burden, always knowing what is right for
> everyone else, even though you have only incomplete knowledge of their
> needs, requirements and resources.

dude, brandon may not be the easiest person to like but do you realize that
making personal attacks as part of a technical argument does nothing to
advance your credibility? it does exactly the opposite.

-- 
christian void - [EMAIL PROTECTED]
www.morphine.com/void/
gpg key available on request


_______________________________________________
Bits mailing list
[EMAIL PROTECTED]
http://www.sugoi.org/mailman/listinfo/bits
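
A defensive check for the configuration this thread argues about, as an added example that is not part of either poster's message: it audits a PATH-style string for entries that resolve to the current directory. It goes beyond a literal "." to cover empty entries, relative entries and world-writable directories, which matter on the multi-user boxes mentioned above; `audit_path` is a hypothetical helper name and the sample value is constructed.

```shell
#!/bin/sh
# audit_path: hypothetical helper (not a standard utility) that reports PATH
# entries letting a command name resolve somewhere other than a fixed,
# admin-controlled directory. Prints one finding per line; returns 0 if clean.
audit_path() {
    findings=0
    # Append ':' so a trailing empty entry survives the split below.
    rest="$1:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # text before the first colon
        rest=${rest#*:}     # everything after it
        case $entry in
            '')
                # Leading, trailing or doubled colon: the shell searches "."
                echo "EMPTY: empty entry means the current directory" ;;
            .|./)
                echo "DOT: '$entry' is the current directory" ;;
            /*)
                # Absolute entry: flag it only if any user can write to it.
                # find -prune tests the directory itself without descending.
                if [ -d "$entry" ] &&
                   [ -n "$(find -L "$entry" -prune -perm -0002 2>/dev/null)" ]; then
                    echo "WRITABLE: '$entry' is world-writable"
                else
                    continue
                fi ;;
            *)
                echo "RELATIVE: '$entry' depends on the current directory" ;;
        esac
        findings=$((findings + 1))
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample value, not taken from the thread.
audit_path ".:/usr/local/bin::bin" || echo "PATH needs cleanup"
```

Calling `audit_path "$PATH"` from a login script or a periodic job gives a non-zero exit status whenever one of these entries is present.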
