Dailydave mailing list archives
Re: Defeating what's next
From: Kristian Erik Hermansen <kristian.hermansen () gmail com>
Date: Wed, 12 Jun 2013 10:30:43 -0700
On Wed, Jun 12, 2013 at 7:31 AM, John Strand <john () blackhillsinfosec com> wrote:
Why does it seem we are moving from blacklists to "new and improved" blacklists? It seems like the industry is caught between choosing between things that dont work (i.e. blacklists, "better" firewalls) and things which are hard to implement (i.e. whitelists, better internal network segmentation, baseline monitoring, etc.) I think Paul said, "Every time you hit the easy button, God deploys another trojan on your network."
It's the same reason DENTISTS STILL HAVE JOBS. We can -- with nearly 100% certainty -- prevent tooth decay. The fact that we don't shows that we are human and naturally flawed. Even when 100% of the problem is within our control, humans still get cavities. Security is far less in one's control, due to vendor requirements / open source libraries / etc., so the problem of course will be much worse. How many people on this list have had a cavity in their recent past? If you can't control your own mouth's hygiene, then forget about security. If we ever solve the problem of preventing cavities in dentistry as a human race, then maybe the issue of computer security has some chance for solution in the future. But until then...everyone is going to get hacked, and even if you don't get hacked directly, you get to live in a PRISM for the rest of your life... -- Kristian Erik Hermansen https://www.linkedin.com/in/kristianhermansen https://profiles.google.com/kristian.hermansen _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Defeating what's next Dave Aitel (Jun 12)
- Re: Defeating what's next John Strand (Jun 12)
- Re: Defeating what's next Justin Seitz (Jun 12)
- Re: Defeating what's next Arrigo Triulzi (Jun 12)
- Re: Defeating what's next Nick Selby (Jun 12)
- Re: Defeating what's next security curmudgeon (Jun 12)
- Re: Defeating what's next Brad Andrews (Jun 12)
- Re: Defeating what's next Kristian Erik Hermansen (Jun 12)
- Re: Defeating what's next Justin Seitz (Jun 12)
- Re: Defeating what's next Vitaly Osipov (Jun 13)
- Re: Defeating what's next Moses (Jun 14)
- Re: Defeating what's next Val Smith (Jun 17)
- Re: Defeating what's next toby (Jun 17)
- <Possible follow-ups>
- Re: Defeating what's next Halvar Flake (Jun 12)
- Re: Defeating what's next Ben Miller (Jun 13)
- Re: Defeating what's next John Strand (Jun 12)