Firewall Wizards mailing list archives
Re: The Morris worm to Nimda, how little we've learned or gained
From: Frederick M Avolio <fred () avolio com>
Date: Fri, 04 Jan 2002 07:16:13 -0500
At 03:44 PM 1/3/02 -0500, Marcus J. Ranum wrote:
R. DuFresne wrote:
>And we have not even broached the topic here of vendor
>responsibility...
There's enough blame that everyone involved can shoulder a ton of guilt. I've been watching the blame in computer security flow in circles for years. The flow looks like this:
- The hackers blame the sysadmins who leave their machines open
- The sysadmins blame the vendors who write buggy insecure code
- The vendors blame the customers who place a premium on features over quality
Yes, although the above is not circular. Vendors give exactly what customers want. I mean *really* want. If security was most important to customers, Check Point wouldn't be the #1 firewall, for example. (Or Cisco.) Microsoft would not be able to get away with shipping security problems-in-waiting. But when money is on the table, features -- and features, NOW not later -- always win.
That's what keeps our job interesting.
Great editorial, Ron. (In many of the security classes I teach, no one in the room knows what I mean by "the Morris Worm.")
Fred Avolio Consulting, Inc.
16228 Frederick Road, PO Box 609, Lisbon, MD 21765, US
+1 410-309-6910 (voice) +1 410-309-6911 (fax)
http://www.avolio.com/