Dailydave mailing list archives

Re: Computers' Insecure Security - Business Week, 17Jun05

From: "Andrew R. Reiter" <arr () watson org>
Date: Mon, 20 Jun 2005 17:15:58 -0400 (EDT)

On Mon, 20 Jun 2005, Rodney Thayer wrote:

:It's nice to see Yankee Group has discovered something that other
:folks have already seen;-)
:
:Whether or not hackers should be treating
:security products as more interesting targets is a point of discussion,
:but the security product vendors are, after all, by definition, in the
:security space so I think it's fair to question the security
:of their products and unfair of them to presume they have some sort of
:right to be sloppy on the security of their own implementations.

I agree with you.  

I thought this has been understood for a long time now :-/  Look at the 
show that was put on when BlackHat had a nice presentation on FW-1 
weaknesses (by T. Lopatic, J. McDonald, & D. Song) back in 2000; this is 
just one (high profile) example of many.

Oh well :-)  Guess some people need that wake up call.


:
:Gage wrote:
:> Looks like we have a case of the blind leading the blind. (respectively
:> excluding any dailydave's) the security software products that we recommend
:> and use are now worst than the out-of-the box OS from MS. The new Yankee
:> Group Report should be an interesting read for most.  It doesn't take much
:> hacking talent to hold down the F8 key and select safe mode with networking
:> to turn off 95+% of all security products. 
:>  
:> Gage
:> 
:>  
:> JUNE 17, 2005
:> 
:> Computers' Insecure Security
:> 
:>  
:> Software meant to protect PCs are now attack targets, revealing a rising
:> number of flaws -- even more than those of Microsoft products
:> 
:>  
:> Think you're safe because your computer has the latest antivirus program,
:> complete with daily updates via the Web? Or maybe you figure the firewall
:> you have installed will stop malicious software from reaching your machine.
:> 
:>  
:> Well, you may not be as secure as you think. Hackers are increasingly
:> finding flaws in the very programs designed to prevent attacks --
:> computer-security software. Advertisement
:
:...
:_______________________________________________
:Dailydave mailing list
:Dailydave () lists immunitysec com
:https://lists.immunitysec.com/mailman/listinfo/dailydave
:
:

--
Andrew R. Reiter
arr () watson org
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

Computers' Insecure Security - Business Week, 17Jun05 Gage (Jun 19)
- Re: Computers' Insecure Security - Business Week, 17Jun05 H D Moore (Jun 19)
- Re: Computers' Insecure Security - Business Week, 17Jun05 Rodney Thayer (Jun 20)
  - Re: Computers' Insecure Security - Business Week, 17Jun05 Andrew R. Reiter (Jun 20)
- <Possible follow-ups>
- Re: Computers' Insecure Security - Business Week, 17Jun05 Steve Manzuik (Jun 20)
- Re: Computers' Insecure Security - Business Week, 17Jun05 Steve Manzuik (Jun 20)