Firewall Wizards mailing list archives
RE: Worms, Air Gaps and Responsibility
From: "Mark Gumennik" <mgumennik () mitre org>
Date: Mon, 10 May 2004 14:07:49 -0400
-----Original Message----- From: R. DuFresne [mailto:dufresne () sysinfo com] Sent: Monday, May 10, 2004 1:42 PM To: Mark Gumennik Cc: Paul D. Robertson; Devdas Bhagat; firewall-wizards () honor icsalabs com Subject: Re: [fw-wiz] Worms, Air Gaps and Responsibility
If we counted each and every addon app under windows, like the counts that are done for linux, then the numbers would reflect the problems that windows systems and the application folks use under tthat OS. Now what is Linux and what should be counted as a vuln against it? Should we only count what is in the kernel and perhaps the modules that folks can decide to use? Or do we count each and ever package that might be added in? Not all linux installs of course require a web server, or dns/bind. Many do not even include or require X. Watch how you read these vuln reports in the major media channels, and even on good ole bgtrack, they are slanted to make MS and redmond look sweeter these days <smile>.[0] )))))))))))))))))))))) Ron, This is exactly my point: If you want to put LINUX on the DESKTOP you have to use all the bells and whistles which makes vuln. on it equal to MS Mark G PS I'm glad I made such a splash, how wonderful it'd be to go back to the world were the knowledge of 25-30 network commands made us all look sacred. Speaking of LDAP , Kerb and other tools : obviously the use of them makes us look much better than such earthy things as MS AD or Novell NDS where all this staff is already built-in FOR THE DESKTOPS (not for the remote AAA). To entertain you even more: a little quiz for the experts (please quiz yourself, don't send me responses, I won't grade them :-): How many servers are involved in Kerberos communications? How many messages are sent back and force before the actual authentication? Can you name at least 10% of them? Good luck _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Worms, Air Gaps and Responsibility, (continued)
- Re: Worms, Air Gaps and Responsibility Paul D. Robertson (May 08)
- RE: Worms, Air Gaps and Responsibility Mark Gumennik (May 11)
- RE: Worms, Air Gaps and Responsibility Paul D. Robertson (May 11)
- AIX LPAR security hermit921 (May 25)
- Re: AIX LPAR security Paul D. Robertson (May 25)
- Re: Worms, Air Gaps and Responsibility Devdas Bhagat (May 11)
- widnows vs unix and security Re: Worms, Air Gaps and Responsibility ArkanoiD (May 12)
- RE: Worms, Air Gaps and Responsibility Gwendolynn ferch Elydyr (May 11)
- Re: Worms, Air Gaps and Responsibility Gwendolynn ferch Elydyr (May 10)
- Re: Worms, Air Gaps and Responsibility R. DuFresne (May 10)
- RE: Worms, Air Gaps and Responsibility Mark Gumennik (May 10)
- RE: Worms, Air Gaps and Responsibility Paul D. Robertson (May 10)
- Re: Worms, Air Gaps and Responsibility Devdas Bhagat (May 10)
- Re: Worms, Air Gaps and Responsibility Adam Shostack (May 10)
- RE: Worms, Air Gaps and Responsibility Gwendolynn ferch Elydyr (May 10)
- Re[2]: Worms, Air Gaps and Responsibility Paul Van Noord (May 07)
- Re[2]: Worms, Air Gaps and Responsibility Marcus J. Ranum (May 07)
- Re[2]: Worms, Air Gaps and Responsibility Eric Maiwald (May 07)
- Re: Worms, Air Gaps and Responsibility Vinicius Moreira Mello (May 10)
- Re: Worms, Air Gaps and Responsibility Bret Watson (May 10)
- Re: Worms, Air Gaps and Responsibility Gwendolynn ferch Elydyr (May 10)