Firewall Wizards mailing list archives
Re: Application-level Attacks
From: Anthony de Boer <adb-fww () leftmind net>
Date: Mon, 21 Feb 2005 10:32:58 -0500
R. DuFresne wrote:
The industry perhaps in worse shape then that, when marketing has taken over it from the ground up so completely that if one actually did take security serious and locked down their browsers, perhaps the most exploited attack vector of the current decade, to the point they are advised to, they'd not beable to cruise a single security site.
One senses business plans built on the problem, rather than the solution. People would rather be able to hear that they can continue doing the broken things they're already doing, so longs as they throw a respectable amount of money at a Security Vendor for some magic security sugar to toss over what they're doing. Get some antivirus coverage against last week's problems, and believe that the industry is utterly defenceless against the next slightly-different exploitation of known vectors. And there's certainly a big pile of money to be made from that. Heavens, if you actually solved the problem and people said thank-you and pinned a medal on you and then walked away, where would you be? Doing things robustly, and actually letting security considerations affect what you're doing and how you do it, just isn't popular enough. Fortunately, there will always be a few of us who were never big on this popularity thing. -- Anthony de Boer _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Application-level Attacks, (continued)
- Re: Application-level Attacks George Capehart (Feb 01)
- Re[2]: Application-level Attacks gmx (Feb 11)
- Re: Re[2]: Application-level Attacks Brenno Hiemstra (Feb 12)
- Re: Application-level Attacks Devdas Bhagat (Feb 12)
- RE: Application-level Attacks Ofer Shezaf (Feb 14)
- RE: Application-level Attacks Marcus J. Ranum (Feb 14)
- RE: Application-level Attacks Frank Knobbe (Feb 14)
- RE: Application-level Attacks Ofer Shezaf (Feb 14)
- RE: Application-level Attacks Marcus J. Ranum (Feb 14)
- RE: Application-level Attacks R. DuFresne (Feb 19)
- Re: Application-level Attacks Anthony de Boer (Feb 22)
- RE: Application-level Attacks Marcus J. Ranum (Feb 14)
- RE: Application-level Attacks Ofer Shezaf (Feb 19)
- RE: Application-level Attacks Marcus J. Ranum (Feb 22)