Educause Security Discussion mailing list archives

Re: SECURITY Digest - 23 Sep 2005 to 26 Sep 2005 (#2005-176)


From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Tue, 27 Sep 2005 23:04:16 -0400

On Tue, 27 Sep 2005 08:33:43 PDT, "Cary, Kim" said:
> Yes, the logical end-game is a caution and no mistake, but that lesson
> applies to the present. So, if someone is trying to get rid of Yahoo
> messenger, then, block the destinations? Go for the deep packet
> inspectors? We are not planning on this at present, but there are
> analogous issues. What are schools using to check for non-protocol
> traffic on standard protocol ports? Even Packeteer, whose game is doing
> just that, seems unable to get more than a B- at protocol fingerprinting.

The answers to this, of course, all are very dependent on *why* you're trying
to get rid of Yahoo messenger - most often, it's a case of shooting the messenger.
The *REAL* concern probably isn't "We don't like Yahoo Messenger", it's more likely
some variant on "holes in Yahoo Messenger can compromise systems and expose data".

At that point, you're better off long term in spending effort in deploying systems
where it doesn't matter, because programs like Yahoo Messenger are sandboxed and
unable to get any traction.  For example, the SELinux component now shipping
with RedHat and Fedora Linux is able to sandbox Mozilla and Firefox so it can
only read and write its own files.

(Yes, I realize the vast majority of us are still stuck running systems that
are all too willing to let programs access anything they want, sometimes for
reasons as trivial as "the file is owned by the person who the program seems to
be running under".  That's the *real* problem here....)
