On Wed, Jun 22, 2005 at 10:32:21AM -0700, Bob Miller wrote:
> Here's a fine interview on the (dismal) state of network security.
> Read it and weep.
>
> http://www.securityfocus.com/columnists/334

yeah, security is hard. it's not something that just happens. what's new?

he should blame OS producers who want people to use their system and aren't willing to work to make their systems secure, idiot consultants who want to make money and not work hard, and lazy system administrators more, and hackers less. sorry, but as we've discussed before, if you leave your front door open, it's your fault if someone comes and takes your stuff. sure, you can blame the thief all you want, but where does that get you?

also, I find it odd, that he never mentions the work of the OpenBSD project. he never mentions authpf when he talks about how firewalls don't solve the inter-system trust problem. he doesn't talk about credential forwarding in OpenSSH, but gives an example of how SSH "leapfrogging" is insecure. he says that there is still a problem at the application level but doesn't mention propolice or systrace, or the fact that there _are_ projects out there that _do_ care about the correctness of the code they ship. he talks about playing the waiting game, not using technology until it's proven: that's why OpenBSD "lacks support" for stupid crap.

IMO, the article is just more anti-MS, Linux is "good enough" because there is nothing better FUD. at least he does acknowledge that the problem is that most people just don't care. wake up and smell your cracked accounts people!

--
<[EMAIL PROTECTED]>
_______________________________________________
EUGLUG mailing list
[email protected]
http://www.euglug.org/mailman/listinfo/euglug
