Re: Application-level Attacks

[Anthony de Boer <adb-fww () leftmind net>]

R. DuFresne wrote:
> The industry perhaps in worse shape then that, when marketing has taken
> over it from the ground up so completely that if one actually did take
> security serious and locked down their browsers, perhaps the most
> exploited attack vector of the current decade, to the point they are
> advised to, they'd not beable to cruise a single security site.

One senses business plans built on the problem, rather than the solution.

People would rather be able to hear that they can continue doing the
broken things they're already doing, so longs as they throw a respectable
amount of money at a Security Vendor for some magic security sugar to
toss over what they're doing.  Get some antivirus coverage against last
week's problems, and believe that the industry is utterly defenceless
against the next slightly-different exploitation of known vectors.

And there's certainly a big pile of money to be made from that.  Heavens,
if you actually solved the problem and people said thank-you and pinned a
medal on you and then walked away, where would you be?

Doing things robustly, and actually letting security considerations
affect what you're doing and how you do it, just isn't popular enough. 
Fortunately, there will always be a few of us who were never big on this
popularity thing.  

-- 
Anthony de Boer
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards