Steven M. Bellovin wrote:
> It will be a few days before I can look at the code, but I don't see a
> privacy policy on the web page. What, if anything, is done with the
> data collectible by your servers?
>
> --Steven M. Bellovin, http://www.cs.columbia.edu/~smb
Odd, I can see on
Rich Kulawiec wrote:
More bluntly: the closed-source, "faith-based" approach to security
doesn't cut it. The attacks we're confronting are being launched
(in many cases) by people who *already have the source code*, and
who thus enjoy an enormous advantage over the defenders.
TBH though, usuall
Per Gregers Bilse wrote:
Just because one can find a counter argument against an argument
doesn't mean the original argument is invalid.
Sometimes it does :)
disproof by counterexample is a valid technique.
John Curran wrote:
If you're asserting that having firewalls in the path doesn't have
any impact on rate of infection, please provide a link to this data.
Actually, it doesn't - practical experience on a medium sized corporate
network is that the firewall protects perfectly against TCP/IP worms -
Sean Donelan wrote:
Selling people barn doors and barn door audits is easier than figuring
out how the rustlers are getting the horses. The problem is the horses
aren't being rustled(?) through the barn doors. If they were, you would
expect to see a difference between barns with doors and barns wi
Erik Haagsman wrote:
> Spammers can only work when making enormous amounts of connections
> each hour, so limiting a normal user to 10 connections per hour with
> some extra slack after two or three connectionless hours, with an hour
> blocking penalty if the user goes over shouldn't pose a prob
Joshua Brady wrote:
> The "Child" you speak of caused destruction over a network, the same
> applied for the 2 hackers here who were sent over without even
> questioning the UK. If the US Government is Satan then I suppose I am
> going to hell, because I sure as hell support it.
Oh, so do I - I ju
[EMAIL PROTECTED] wrote:
> So, the US gov't is "Satan" going after "innocent" hackers in Wales?
No, but the US government is apparently now allowed to arrest and
extradite a child from the UK without having to show a judge good cause -
which is *not* true in reverse, or for any other country. Up
Jeffrey Paul wrote:
> Perhaps I'm being naïve, but this seems like a very good way to cause
> spammers to suddenly start having valid PTR RRs. Thoughts?
or limiting attacks for relay/proxy/trojan purposes targets that have valid
PTR records which of course ideally should be all of them.
Daniel Karrenberg wrote:
> I recommend that at home to all local primary schools. They often do
> not have the latest hardware but some of them even run it on the
> latest hardware now. This and frequent reloads of standard clean
> disk images tends to keep things clean and operational. The ima
Brian Bruns wrote:
> My favorite quote is...
>
> BG: Until we had this concept of Web services, software on the
> Internet couldn't talk to other software on the Internet. The only
> thing that worked was you could move bits - that's TCP/IP -
> or you could put up screens - that's HTML - but so
[EMAIL PROTECTED] wrote:
>> I don't see how that is the same thing here. I have an
>> agreement with cust X to provide services in accordance with
>> my AUP. cust X resells that service to cust Y, etc. cust Y
>> is bound to the terms and conditions of my agreement with
>> cust X, despite that I
Kuhtz, Christian wrote:
>> Kuhtz, Christian wrote:
>>> Seems several commercial clients (such as Cisco's VPN client) offer
>>> workaround for that (tunneling IPSEC in a TCP session).
>> Works great.
>> Yup. there are various proprietary solutions that require us
>> to trash out an expensive and *w
Kuhtz, Christian wrote:
> Seems several commercial clients (such as Cisco's VPN client) offer
> workaround for that (tunneling IPSEC in a TCP session). Works great.
Yup. there are various proprietary solutions that require us to trash out
an expensive and *working* VPN-1 solution, buy an equally
Kuhtz, Christian wrote:
> And there are workarounds for all those.
NAT-T for ipsec is really intended for endnodes only - which is fine if
you are doing the NAT yourself (typical medium/large company scenario -
internal users shouldn't be using IPSEC, that is done at the
gateway/firewall) but suck
Avleen Vig wrote:
> Indeed, and IPSec tunnels are frequently done between routers on
> networks, rather than individual hosts on networks (at least in most
> multi-site enterprises i've seen).
Indeed so yes - however... A large and increasing segment of my users are
VPN laptop users with ADSL at h
Simon Lockhart wrote:
> Anything that relies on knowing which host it is talking to by
> looking at the source address of packets breaks.
Indeed. Novell networking for example - or MS Exchange New Mail
notification. of course, you shouldn't be doing either on the internet,
but a common "small bra
Avleen Vig wrote:
> If "more IP addresses" is the only motivation for using IPv6, it's
> really not enough. For environments where direct access to the
> internet isn't required, NAT serves perfectly well.
IPSec, SIP/VoIP or almost anything that relies on UDP borks on NAT,
doesn't it?
Crist Clark wrote:
> Unless your AV software has a clue, like most do, and unzips archives
> and see what's inside.
which is ideal for virus scanning, but not for blanket-blocking of email.
A zipped archive containing an executable cannot (unless something has
changed that I don't know about) be a
I am not sure I am following the argument here.
as far as I can make out
1. Many (all!) providers underprovision (aka oversell) their bandwidth,
expecting peak utilisations to be approximately the provisioned amount
because experience has shown that actual usage is only a percentage of
theoretic
At least theoretically, the US *is* supposed to have a comparable system.
European privacy law makes it illegal to transfer personal data of any kind
to a country without a comparable system - the US has a voluntary "Safe
Haven" scheme that is supposed to enable US companies to be able to receive
E.B. Dreger wrote:
>> Date: Sun, 26 Jan 2003 00:22:02 -0500 (Eastern Standard Time)
>> From: Alex Rubenstein
>
>
>> Agreed. And, even if it is super encrypted, who cares? Enough
>> CPU and time will take care of that.
>
> Articles about "1000 years to crack using brute force" are a bit
> disconcer
> "Your not my customer I really don't care" *click*
> Nice. professional too.
I had a similar experience with them - even though we *are* a UUNet
customer, we weren't the customer with the problem (in this case, a email
address which was a subdomain of the company's main address was being
reject
23 matches
Mail list logo
