Firewall Wizards mailing list archives
RE: A little paranoia for the weekend...
From: "Ben Nagy" <ben () iagu net>
Date: Wed, 30 Jul 2003 11:54:14 +0200
-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Joseph Steinberg
[...]
Web-based remote access (SSL VPN etc.) can be secure if implemented properly.
Not on an unsecured public terminal they can't. This is just an illustration of the classic motif - If bad people have unrestricted physical access to a PC then you can't trust it anymore. End of story. Even with pixie dust.
The incident mentioned in the article referenced below illustrates why you need a "virtual shredder" that wipes all of the footprints from an access device as part of any SSL VPN implementation.
I don't mind the odd bit of vendorism slipping in (hey I might need to do it myself one day), but this is a touch too much for me. The features listed in your brochurelink are nice. I like them, they're useful (assuming they work as advertised >;). The direct implication that they would have ameliorated this attack in ANY way is wrong, and I find it almost deceptive. I don't like that at _all_.

If you can tell me how your product would have stopped the keylogger from capturing all of the user credentials (and other information) as they were entered at the keyboard (at a much lower level than the web browser, and one that the browser has no access to) then I will shut my mouth. If not....well maybe it's not me that should.

There are a lot of people in vendorspace who post here. The well respected ones don't always hide their allegiance but they take care in certain areas:

1. IF they talk about their own stuff, they don't overstate what the products do, and they don't make hand-waving marketing comments
2. They often answer general questions that they happen to have insight into, without plugging anything
3. They don't give the impression that they are just here to plug their kit whenever it seems to fit

It ain't my place to tell you what you can and can't post, or to define the One True List Etiquette According to Ben. What I can say, though, is that if this stuff annoys me enough to post a rant then it's a safe bet that it does the same thing for a couple of thousand other readers (not a big percentage), and maybe that doesn't reflect so well on your company and solutions.

ben

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards