Mark Anderson wrote:
> I beg to disagree... With the huge amount of resources
> available to admins such as Bugtraq, Packetstorm, CERT, etc,
> it takes little intelligence to secure a machine on the
> internet these days. The only hindrance to efficient
> security is laziness. The ability to successfully attack a
> machine and gain elevated privileges is a lot more difficult
> and requires more intelligence.
> I am 19, I have had no formal training or education that
> would help my job yet I have been keeping upwards of 5 servers
> secure and operational for two years now. I suggest that if I
> can do it, then any can (should they try).

Did I not say that 'security through obscurity' was a bad thing?
And that being paranoid was the way to do things?

Sorry Mark, I fail to see what your argument is here. You've basically
agreed with exactly what I said in the first place!

The whole point I made was based around the exact same sites you've
quoted: they enable sys-admins to secure things well, but they also
publicise the very same exploits in detail, including the virtually
no-brainer methods of attack.

The basic problem I see these days (and I am a little older than you!)
is that there are literally thousands of people running webservers,
whether in server farms, colocation centres or hanging off of the end of
a DSL or cable connection, who have *absolutely no idea* what they are
doing. I work for a hosting company and it's surprising at times just
how little some of our customers really do know (no disrespect to those
subscribed to here; you at least know where to look for information!).
When you ask someone if they've patched their system and they ask what a
patch is... enough said.

Graeme
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security