Full Disclosure mailing list archives
RE: [Full-Disclosure] RE: [Full-disclosure]MS should re-write code with security in mind
From: "Todd Towles" <toddtowles () brookshires com>
Date: Fri, 20 Aug 2004 10:37:33 -0500
Whitehats are mostly losing. Network administrators that have no sense of security are losing. Are all networks open to something? Yep, but you can reduce your risk if you try. No network is safe from hackers 100% and no hacker is safe from the law 100%. We all take our chances - sometimes on both sides...

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Clairmont, Jan M
Sent: Friday, August 20, 2004 9:46 AM
To: full-disclosure () lists netsys com
Subject: RE: [Full-Disclosure] RE: [Full-disclosure]MS should re-write code with security in mind

Glenn:

Not to take issue with the performance of encryption, but what good is performance when it's all spent processing spam, malware, trojans, spyware and all the other cr*p that downloads? Even things like spybot, zone alarm etc. do not prevent any of the junk that gets loaded thru mail and port 80, plus any other vulnerabilities that continually open up. I would gladly take performance hits for reliability and the end of endless spam, vuls, and spyware that constantly attach to my clients as well as myself.

Anyone in the real world knows how impossible it is to totally lock down a large commercial network. To do business you need to open at least one window to the hellish nightmare of the internet. Plus router, firewall, switch, modem, atm endless list of vulnerable systems... It is a never ending battle, and for the most part the white hats are losing.

So what is the alternative? Go to a totally secure network computing system like the military? It seems we may have no choice.

Jan Clairmont
Firewall Administrator/Consultant
(302) 323-3616

-----Original Message-----
From: Glenn_Everhart () bankone com [mailto:Glenn_Everhart () bankone com]
Sent: Thursday, August 19, 2004 10:53 AM
To: Clairmont, Jan M
Subject: RE: [Full-Disclosure] RE: [Full-disclosure]MS should re-write code with security in mind

Encryption is one scheme that gives access control. It is one of the more expensive alternatives out there for this, and people using it often get the key management wrong and vitiate their entire efforts while sweeping the problems under the rug.

When I invented the cryptodisk back in the late 70s I noticed the first version (using a DES algorithm) would allow the processor either to be doing useful work, or encrypting/decrypting disk. I therefore added a much weaker but faster algorithm as an alternative (for more benign environments) that at least permitted both.

Machines today are much more capable, but overdone encryption is still capable of eating serious amounts of their performance.

Glenn Everhart

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Clairmont, Jan M
Sent: Wednesday, August 18, 2004 2:01 PM
To: full-disclosure () lists netsys com
Subject: [Full-Disclosure] RE: [Full-disclosure]MS should re-write code with security in mind

M$ should just bite the bullet and re-write windows with security in mind, give it a true process scheduler, multi-user with windows as a client server processes. Build in 256 bit encryption and secure communications between processes and external communication with no unencrypted traffic. That would shut down a lot of these mindless security leaks. All mail should be encrypted and point-to-point, with the mail servers only able to re-direct and broadcast mail with authentication. Maybe we could slow a lot of the hacking down and spam.

But again, until the market place demands it, M$, Linux and everybody else it's business as usual. Keeps us employed I guess.

Jan Clairmont
Firewall Administrator/Consultant

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html