Bugtraq mailing list archives
Re: new iss stuff
From: rwing!pat () ole cdac com (Pat Myrto)
Date: Tue, 10 May 94 16:45:36 PDT
"In the previous message, ole!nersc.gov!jallen said..."
Pat, I think some people missed the point. ISS 2.0 is a commercial product for sale. The author changed it so that the new commercial version cannot be easily used to attack other sites but can be used to protect your own site. Now any site of any size can purchase ISS and scan themselves to protect themselves. You should not get a bad taste in your mouth from a legitimate business starting up. I think that many many sites will find it useful to purchase ISS. You will not that the author, a reader of this list, did not use this list to try to sell his product. Others thought the product usefull enough to post the announcement here. I have been a beta site for 2.0 of ISS and have found it very helpfull. It sure beats only having a log book that says that a certain patch has been installed.
Sure - if you want your security to be dependent on a black box. And you really believe that NO contributed code was not included in it, code for which the orignal writers are not getting a DIME? The price would be reasonable, IF IT INCLUDED SOURCE. But it doesn't. For source its well over a grand. Its back to security through obscurity (only now its 'security through black boxes'). BTW - are you working using source or a binary-only version? Would you be happy to use a binary that might not gell too well with your site with its mods and config? Would you be willing to let a total stranger on your site with root privs to build a version that would work properly in such a case? You are aware some patches to SunOS, for example, DO affect the kernel structures, and if not compiled with the patched headers, it will not work quite right? The bad taste remains. I smell a gouge playing on fear. If they decide to make the sources affordable, perhaps I will change my viewpoint. Otherwise, they are making the decisions FOR the using admin, not allowing him to decide what he wants to check. As I said: NO SALE. -- pat@rwing [If all fails, try: rwing!pat () ole cdac com] Pat Myrto - Seattle WA "No one has the right to destroy another person's belief by demanding empirical evidence." -- Ann Landers, nationally syndicated advice columnist and Director at Handgun Control Inc.
Current thread:
- [8lgm]-Advisory-7.UNIX.passwd.11-May-1994, (continued)
- [8lgm]-Advisory-7.UNIX.passwd.11-May-1994 [8LGM] Security Team (May 12)
- Re: [8lgm]-Advisory-7.UNIX.passwd.11-May-1994 Pat Myrto (May 13)
- Re: [8lgm]-Advisory-7.UNIX.passwd.11-May-1994 Gene Spafford (May 13)
- Re: Time For New Security Package? (was Re: new iss stuff) Mark (May 10)
- Selling binaries Karyn Pichnarczyk (May 10)
- Re: new iss stuff Timothy Newsham (May 10)
- Re: new iss stuff Pat Myrto (May 10)
- Re: new iss stuff Andrew Watts (May 10)
- Re: new iss stuff Pat Myrto (May 10)
- Re: new iss stuff Steven C. Blair (May 10)
- iss: _my_ last two cents der Mouse (May 11)
- Re: passwd -F Pat Myrto (May 10)
- Re: passwd -F Daniel Azuelos (May 11)
- Re: passwd -F Casper Dik (May 11)