funsec mailing list archives
Re: whitehouse cyber strategy review
From: Dan Kaminsky <dan () doxpara com>
Date: Sun, 15 Nov 2009 11:23:40 -0800
On Sun, Nov 15, 2009 at 4:36 AM, Rich Kulawiec <rsk () gsp org> wrote:
On Sat, Nov 14, 2009 at 07:51:25PM -0500, Larry Seltzer wrote:Don't run Windows, morons.Most of us have wondered for years what it would take for the malware community to pay attention to non-Windows platforms. This would do it.Oh, no doubt. But they will find it considerably more difficult to go up against people like Cox and de Raadt, who actually fix problems in a timely manner, rather than denying them in press releases and quietly releasing broken patches weeks or months or years later. Of course, this is only a first step, but it would in one sweeping blow eliminate the obviously-weakest component. Lather, rinse, repeat... because the way to secure massive operations is not by trying to protect inferior components, it's by eliminating them. And equally of course, this will never happen, because it would require actual thinking and innovation rather than mere reapplication of the same time-worn techniques that have already failed so predictably.
Your problem is that you think Cox and de Raadt are particularly relevant on the attack surface. They're not. They expose TCP, SSH, and maybe HTTP. Big whoop. Throw Wordpress onto either of their platforms and they're rather thoroughly hosed. And lets not even talk about client side code. Firefox isn't any more secure on Linux/OpenBSD, and it's had a pretty rough year. Stuff on Windows is attacked because its popular. That's really all. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: whitehouse cyber strategy review, (continued)
- Message not available
- Re: whitehouse cyber strategy review Larry Seltzer (Nov 14)
- Message not available
- Re: whitehouse cyber strategy review Larry Seltzer (Nov 14)
- Re: whitehouse cyber strategy review Larry Seltzer (Nov 14)
- Re: whitehouse cyber strategy review Robert Graham (Nov 14)
- Re: whitehouse cyber strategy review der Mouse (Nov 14)
- Re: whitehouse cyber strategy review Rich Kulawiec (Nov 15)
- Re: whitehouse cyber strategy review Larry Seltzer (Nov 15)
- Re: whitehouse cyber strategy review Rich Kulawiec (Nov 15)