Full Disclosure mailing list archives
Re: Re: January 15 is Personal Firewall Day, help the cause
From: "Gregory A. Gilliss" <ggilliss () netpublishing com>
Date: Thu, 15 Jan 2004 12:09:12 -0800
<RANT> What should Cisco do? Cisco should stop letting all the people who write IOS release IOS code with all those vulnerabilities in it. It's not like they haven't been around since 1984 (they have) and like they can't do regression testing (they do), so why are there 17 critical patches? Because they suck? No, because time-to-market still is more important than shipping a robust product. Get the busdev ch0ads out of the driver's seat and get technical people back in charge and you'll see a marked decrease in vulnerabilities and patches. Let engineers engineer, dammit! FWIW, the "anti-M$ drivel" is the response of a large number of highly educated and experienced security professionals who have spent weeks, months, and sometimes years of their time (for free in most cases) doing research into security and reporting the findings to the pertinent vendors who (in most cases) accept that information and then ... do nothing! I think that it is safe to say that we all realize that security is a revenue drain for companies, but c'mon - we find the holes and report them, we get nothing. We find the holes and exploit them, we're the bad guys. Is the security community supposed to bend over and accept what large multinational corporations tell us? Sorry, but if you believe that then your blinders are on too tight =;^) Curious and intelligent people are going to pick apart the code and find the holes. Shutting down R&D would be the dumbest thing that we could do (since hackers in Eastern Europe and Asia will just continue doing it and will leapfrog over us). So whether or not you are a fan of M$ and Cisco (and while they have their faults, I concede that both companies have made and continue to make major contributions to computers and networking) the fact remains that if someone tells you that your door is ajar and you neither respond not act, then your decision can be and often will be to your detriment. BTW (TOTALLY off-topic), teaching people to avoid dangerous situations is not a bad philosophy, IMHO, in cases where the people are not equipped to deal with the potential dangers. Small women would do well to avoid bad neighborhoods at night, even if they are walking home from their karate class, unless they are looking for trouble. FWIW, Foundry and Juniper (hi BMat) continue to be much better technical solutions than Cisco. People buy Cisco because "no one every got fired for buying {IBM,Microsoft,Cisco}" and because finding someone who knows the Cisco CLI (or who has a Cisco cert) is much easier than finding a person who can properly set up and configure a Foundry "six-pack" configuration. Oh, and BellSouth has no clue. Never has had one, even way back before Operation Sun Devil. No clue. Move where the clue is. There, is that better? </RANT> G On or about 2004.01.15 13:55:18 +0000, Mary Landesman (mlande () bellsouth net) said:
That's pretty much like teaching your kids to never talk to strangers, or never visit the "bad" part of town. Fact is, most crimes are committed by people we know. Microsoft is often victimized, mainly because they are so ubiquitous. Cisco is running a poll right now to see which of the 17 critical patches are most important to users, because they only have the manpower to fix 10 of them. Should we all stop using Cisco products? This anti-MS drivel is so tiresome.
-- Gregory A. Gilliss, CISSP E-mail: greg () gilliss com Computer Security WWW: http://www.gilliss.com/greg/ PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- January 15 is Personal Firewall Day, help the cause tlarholm (Jan 14)
- Re: January 15 is Personal Firewall Day, help the cause KF (Jan 14)
- Re: January 15 is Personal Firewall Day, help the cause cdowns (Jan 15)
- Re: Re: January 15 is Personal Firewall Day, help the cause Ron DuFresne (Jan 15)
- Re: Re: January 15 is Personal Firewall Day, help the cause Tobias Weisserth (Jan 15)
- Re: Re: January 15 is Personal Firewall Day, help the cause Ron DuFresne (Jan 15)
- Re: January 15 is Personal Firewall Day, help the cause David F. Skoll (Jan 15)
- Re: Re: January 15 is Personal Firewall Day, help the cause Ron DuFresne (Jan 15)
- Re: Re: January 15 is Personal Firewall Day, help the cause Mary Landesman (Jan 15)
- Re: Re: January 15 is Personal Firewall Day, help the cause Gregory A. Gilliss (Jan 15)
- Re: Re: January 15 is Personal Firewall Day, help the cause Ron DuFresne (Jan 15)
- Re: Re: January 15 is Personal Firewall Day, help the cause Valdis . Kletnieks (Jan 17)
- Re: Re: January 15 is Personal Firewall Day, help the cause Exibar (Jan 15)
- Re: Re: January 15 is Personal Firewall Day, help the cause David F. Skoll (Jan 15)
- Re: Re: January 15 is Personal Firewall Day, help the cause Exibar (Jan 15)
- Re: Re: January 15 is Personal Firewall Day, help the cause David F. Skoll (Jan 15)
- Re: Re: January 15 is Personal Firewall Day, help the cause Tobias Weisserth (Jan 15)
- Re: Re: January 15 is Personal Firewall Day, help the cause Exibar (Jan 16)
- Re: Re: January 15 is Personal Firewall Day, help the cause David F. Skoll (Jan 16)
- Re: Re: January 15 is Personal Firewall Day, help the cause Exibar (Jan 16)