Firewall Wizards mailing list archives

Re: Vulnerability Response (was: BGP TCP RST Attacks)


From: Gwendolynn ferch Elydyr <gwen () reptiles org>
Date: Thu, 3 Jun 2004 10:39:04 -0400 (EDT)

On Thu, 3 Jun 2004, Paul D. Robertson wrote:
> One of the best quotes yet that I got from a vendor in a meeting was
> "Stop!  I can't think that fast!"  In that case though, the users were
> being pressured into evaluating and possibly purchasing something they
> didn't want- but politically couldn't dismiss themselves.  I got invited
> to do the thing they were used to seeing me do- beat up the vendor over
> security- but this time it was to their advantage for me to poke holes in
> it, since it'd give them ammo for rejecting the whole silly scheme.

Wandering somewhat afield, the most remarkable reaction that I've ever
gotten from a vendor was the one who called up, practically in tears,
and proclaimed "You can't do this to me! It's not fair!" [0].

I was completely boggled that they thought that a social attack of that
nature was likely to have any effect other than causing me to flee farther.

More to the point, it also helps when you can go down a litany of
requirements with the vendor, and force them to address each item [1]...

> Get some sand, a bucket, a nail and a hammer, and *show* them how much
> effectiveness they lose with each port.

Hrm. I may have to try that... if nothing else, it's a fun example ;>

cheers!
[0] "this" being not including their product in the final evaluation
phase.  At the time, they didn't have a TLS gateway, which was a showstopper.
[1] Then again, it's always fun to include "Meets RFC 1149 and 3514".
==========================================================================
"A cat spends her life conflicted between a deep, passionate and profound
desire for fish and an equally deep, passionate and profound desire to
avoid getting wet.  This is the defining metaphor of my life right now."
