Dailydave mailing list archives
Re: So, the security industry has given up on the principles of least privilege and separation?
From: Joanna Rutkowska <joanna () invisiblethingslab com>
Date: Sat, 14 Feb 2009 21:42:01 +0100
Dave Korn wrote:

> "UAC should only be considered an extra security feature, which will remind users that the code they run potentially could harm their systems - it is not meant as a guarantee against code's ability to harm a system," Secunia's Kristensen added.
> --------------------<snip>--------------------

Heh ;) That rings a bell ;)

> That made me snort into my breakfast cereals, I can tell you. Has the entire security industry abandoned all hope of using the principle of least privilege and limited user accounts, or just him?

It seems so. Why otherwise would everybody be getting so excited about yet-another-remote-bug-in-IE/Firefox/Safari? Why would the Flash/QT/etc exploits be worth tens of thousands of $ on the black market?

Least privilege seems to be rocket science for the majority of the population. Sadly, this seems to include the ITSec community as well. I wish more people made comments like Dave.

Cheers,
joanna.

"Give less shit about browser bugs -- run them in VMs!"
(The 's' is important)