Dailydave mailing list archives

Re: This just in: Firewalls are obsolete

From: Blue Boar <BlueBoar () thievco com>
Date: Mon, 11 Jul 2005 17:00:58 -0700

Florian Weimer wrote:

In order to offer any protection, the firewall has to implement the
complex protocol -- and countless others.


I very specifically said and meant "behind", and not through.  I don't
consider the general class of things available now called firewalls to
be of any significant use against client-side vulnerabilities.

So the client-side problems are adding to the threat.  The server-side
problems haven't disappeared though, so you still can't junk your
firewall.  It just doesn't help you with the client-side problem.

I first heard of the concept of client-side holes from Mike Schiffman at
the first Black Hat.  At least, that was the first time I'd heard it
described as such, stated as a new class of vulnerabilities on the rise.

This is the 10th Black Hat this year, right?

My basic point being that people don't get rid of the old security
layers, they just paint new ones on.

                                                BB
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

This just in: Firewalls are obsolete Jonatan B (Jul 11)
- Re: This just in: Firewalls are obsolete Florian Weimer (Jul 11)
  - Re: This just in: Firewalls are obsolete Gadi Evron (Jul 11)
    - Re: This just in: Firewalls are obsolete Florian Weimer (Jul 11)
    - Re: This just in: Firewalls are obsolete Gadi Evron (Jul 11)
  - Re: This just in: Firewalls are obsolete Blue Boar (Jul 11)
    - Re: This just in: Firewalls are obsolete Florian Weimer (Jul 11)
    - Re: This just in: Firewalls are obsolete Gadi Evron (Jul 11)
    - Re: This just in: Firewalls are obsolete Florian Weimer (Jul 11)
    - Re: This just in: Firewalls are obsolete Blue Boar (Jul 11)
    - Re: This just in: Firewalls are obsolete Blue Boar (Jul 11)
    - Re: This just in: Firewalls are obsolete I)ruid (Jul 12)
  - Re: This just in: Firewalls are obsolete rdump (Jul 12)
- Re: This just in: Firewalls are obsolete Gadi Evron (Jul 11)
  - Re: This just in: Firewalls are obsolete Florian Weimer (Jul 11)
    - Re: This just in: Firewalls are obsolete Gadi Evron (Jul 11)
    - Re: This just in: Firewalls are obsolete Florian Weimer (Jul 11)
    - Re: This just in: Firewalls are obsolete byte_jump (Jul 12)
  - Re: This just in: Firewalls are obsolete Derek Vadala (Jul 11)
  - Re: This just in: Firewalls are obsolete Daniele Muscetta (Jul 12)
    - Re: This just in: Firewalls are obsolete dan (Jul 12)

(Thread continues...)