Penetration Testing mailing list archives
Re: [PEN-TEST] WebEx security?
From: Bennett Todd <bet () RAHUL NET>
Date: Tue, 31 Oct 2000 15:02:09 -0500
2000-10-31-12:53:14 Alfred Huger:
I would have to disagree with the notion that weak network security on their site relates to an insecure product.
Sounds like you have some different experiences from me.
The IT folks are without doubt not the same people who are writing the application in question.
Certainly, but...
I can think of a number of vendors who have excellent products in terms of security and terrible network security....
I've never met a single one, and have trouble picturing how it can happen. I've seen plenty of vendors with decent in-house security that ship product with lousy security; that happens whenever the folks making the sales and marketing decisions don't understand the need for security; far too few customers will demand it to create good pressure from their side, it has to come from the sales staff. But in what sort of shop would designers and sales staff who understand and care about appropriate security ignore the fact that their own systems don't have it, or be ignored when they report that to management?
Bad IT people do not add up to a bad product.
In my experience good IT people maintaining a good secure vendor site are a necessary but not sufficient condition to see good product coming from that vendor. And so I've invariably found that bad IT people do indeed invariably go with bad product. -Bennett
Attachment:
_bin
Description:
Current thread:
- [PEN-TEST] WebEx security? Frazier, Thomas (Nov 01)
- Re: [PEN-TEST] WebEx security? Erik Tayler (Nov 01)
- Re: [PEN-TEST] WebEx security? Alfred Huger (Nov 01)
- Re: [PEN-TEST] WebEx security? Erik Tayler (Nov 01)
- Re: [PEN-TEST] WebEx security? Alfred Huger (Nov 01)
- Re: [PEN-TEST] WebEx security? Erik Tayler (Nov 01)
- Re: [PEN-TEST] WebEx security? Bennett Todd (Nov 01)
- Re: [PEN-TEST] WebEx security? Air Force Guy (Nov 01)
- Re: [PEN-TEST] WebEx security? Alfred Huger (Nov 01)
- Re: [PEN-TEST] WebEx security? Wil Allsopp (Nov 01)
- Re: [PEN-TEST] WebEx security? Erik Tayler (Nov 01)
- <Possible follow-ups>
- Re: [PEN-TEST] WebEx security? Ken Pfeil (Nov 01)
- Re: [PEN-TEST] WebEx security? Erik Tayler (Nov 01)
- Re: [PEN-TEST] WebEx security? Steve (Nov 01)
- Re: [PEN-TEST] WebEx security? Erik Tayler (Nov 01)
- Re: [PEN-TEST] WebEx security? Jonah Kowall (Nov 01)
- Re: [PEN-TEST] WebEx security? Bennett Todd (Nov 01)