Dailydave mailing list archives

Re: Re: Hacking: As American as Apple Cider


From: "Dustin D. Trammell" <dtrammell () sipera com>
Date: Tue, 13 Sep 2005 12:30:54 -0500

On Mon, 2005-09-12 at 01:16 +0100, Dinis Cruz wrote:
> E) "Create tools (and services) that help in the creating of secure
> run-time environments (with Default-Deny and Enumerating goodness)".
> With today's complex systems we need help to process the information and
> to simplify that complexity. For example a tool that would remove from
> Windows all files that are not required to execute a particular function
> (if a server is only acting as a web server why does it need to have all
> the other functionality in there?)

The closest thing I've seen to this (for Windows) would be XPY:
http://xpy.whyeye.org/

> F) "Slow down the creation of new products/features/functionality and
> focus on getting the ones that we have right" - What we need today is to
> have a secure, reliable, robust, non-exploitable and
> 'no-patches-required' version of what we have today. We don't need a new
> complex system which will bring more vulnerabilities and which nobody will
> really understand (when we already have solutions today that we almost
> understand)

Try telling that to anyone who works in sales/marketing, and you'll find
that while that may be what we need today, what we needed YESTERDAY was
the new bell/whistle/widget.  And guess what department brings in the
revenue?  Yea.

-- 
Dustin D. Trammell
Vulnerability Researcher
Sipera Systems Inc. http://www.sipera.com
