Full Disclosure mailing list archives
Re: automated vulnerability testing
From: Ron DuFresne <dufresne () winternet com>
Date: Mon, 1 Dec 2003 09:58:33 -0600 (CST)
On Sun, 30 Nov 2003, Jonathan A. Zdziarski wrote:
Aren't such measures -- especially the former -- simply crutches that effectively _encourage_ the continuation of poor (even downright negligent) programming practices?Only to the extent that TCP wrappers and firewalls are simply crutches to effectively encourage the continuation of poor systems administration.
Quite a flaw in logic there, I'm sure you meant; Only to the extent that TCP wrappers and firewalls are simply crutches to effectively encourage the continuation of poor systems networking protocols that already exist. Being that the flaws are inherent to the network protocols in use. Admins have long known how to lock a system down, and keep it that way, remove all users and limit access and functionality. That tends to make the system far less then useful. But, the core issue lies with the networking protocools that are meant to make iintersystem communications actually happen. There was no security within their design, security was the lowest factor in the developers mind at the time. And of course a rewrite of all that code and then pushing that to the internet-citezenry at large would be fairly daunting eh? Look how well the conversion from ssh1 to ssh2 has progressed... Thanks, Ron DuFresne _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: automated vulnerability testing Ron DuFresne (Dec 01)
- Re: automated vulnerability testing Jonathan A. Zdziarski (Dec 01)
- Re: automated vulnerability testing Michael Gale (Dec 01)
- RE: automated vulnerability testing Bill Royds (Dec 03)
- <Possible follow-ups>
- Re: automated vulnerability testing Chris Adams (Dec 01)