Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Making Security Suck Less

From: Christian Sciberras <uuf6429 () gmail com>
Date: Thu, 16 Dec 2010 12:06:03 +0100
I might be lead by the leash on your little rant here, but let me say one
thing...

Half of the enthusiasm I had for your post evoparated after;

"How many of you have ever had a virus, scareware, cracks, hacks, or
spontaneous reboots even though you've got your wares updated and patches
installed? Many of you are keeping your hands up."

Enthusiasm simply got replaced with some doubts after reading...

"Why did so many buy into the crap about "There's no such thing as perfect
security." and "Security is a process."? Why?"

An unused harddisk under several meters of concrete is perfectly vulnerable
to all kinds of attacks.
Let alone servers which are supposed to be running 24/7.

I'm sorry, but your rant is unrealistic. The next best approach to
patch-test-release would be not releasing anything at all.


Just my 2cents-worth.

Chris.








On Thu, Dec 16, 2010 at 8:46 AM, Pete Herzog <lists () isecom org> wrote:


Hi,

"Now not everything about the old security model is bad. Personally, I
really like the Zen feel of it. It's like raking the fine, white,
beach sand into those concentric lines and around rocks and dead fish
and stuff. It's very Zen. Then as the tide rises, the wind blows, and
Frisbees get badly thrown you have to do it all over again in a very
Zen way like this: Install. Harden. Configure. Patch. Scan. Patch
again. Update. Re-configure. Scan. Patch again. Uninstall. Re-install.
Configure. And then you do it all over again! With so much Zen
practice it's hard not to become a Master of the security repeat
cycle. But you know what else is Zen? NOT doing that. It's less
stressful to maintain an existing balance between operations,
limitations, and controls then running around and putting out fires."

This is from my new article called, "Making Security Suck Less" you
can read finished at:

https://www.infosecisland.com/blogview/10304-Making-Security-Suck-Less.html

There's some more, new articles reviewing the OSSTMM and the new
security model at InfoSec Island here:

https://www.infosecisland.com/osstmm.html

Sincerely,
-pete.

--
Pete Herzog - Managing Director - pete () isecom org
ISECOM - Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org
www.hackerhighschool.org - www.badpeopleproject.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: