Bugtraq mailing list archives
Re: Remote Desktop Command Fixation Attacks
From: hvdkooij () vanderkooij org
Date: Thu, 11 Oct 2007 23:45:05 +0200
pdp (architect) wrote:
Thor, with no disrespect but you are wrong. Security in depth does not work and I am not planning to support my argument in any way. This is just my personal humble opinion. I've seen only failure of the principles you mentioned. Security in depth works only in a perfect world. The truth is that you cannot implement true security mainly because you will hit on the accessibility side. It is all about achieving the balance between security and accessibility. Moreover, you cannot implement security in depth mainly because you cannot predict the future. Therefore, you don't know what kinds of attack will surface next. Security is not a destination, it is a process. Security in depth sounds like a destination to me.
Security in depth is neither a destination nor a process. It is a state of mind. Each part should take care of itself. And it should be as secure as possible in each step.

Hugo.

--
hvdkooij () vanderkooij org http://hugo.vanderkooij.org/
Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger.