Full Disclosure mailing list archives
RE: CyberInsecurity: The cost of Monopoly
From: "Rick Kingslan" <rkingsla () cox net>
Date: Sat, 27 Sep 2003 10:25:24 -0500
Gregory,

Given some hours to think about this topic, my post, and your thoughtful reply - I concur that you nailed it on the head and I read way too much into Fabio's post. And, because of the long-running thread, much of the initial assertion and report (true - it IS good work) was lost in the various posters' replies.

So, to that - I take complete blame for not following back far enough to understand the total context of the message.

But, I will stand by my statement that the juicy target is still Windows and IIS. In another post - I stand corrected in the fact that Apache is, percentage-wise, a juicy target. Touché. However, why write for Apache when IIS is so much easier still? IIS 6.0 makes strides.... But, the community as a whole will not truly be safer until the entire package is treated with the same 'crap - let's just re-write it' attitude. (This, naturally assumes that MS and its products are in existence - if the counter takes place, it's not much of an issue...)

Thanks for the reality check, Gregory.

-rtk

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Gregory A. Gilliss
Sent: Saturday, September 27, 2003 1:09 AM
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] CyberInsecurity: The cost of Monopoly

I suspect we are starting a game of telephone ...

It appears to me (and I'm going to be nice and *not* include the entire thread in the message ;-) that this started out with the citation of the CCIA paper regarding Dan Geer getting shown the door. The response (which was posted by Jon on behalf of Fabio) ends with the statement "These guys have done a GREAT WORK!" which appears to refer to the paper (Geer et al). Unfortunately that post was preceded by some rant and ramble that did not clearly support the final thought (namely "huzzah for Geer et al").

Taken individually, Fabio's points include:

- Removing Microsoft's monopoly somehow also will remove AV companies
- Microsoft doesn't give a rat's a** about security
- Vulnerabilities can only be fixed before they become a business
- Open source software has not been targeted by viruses
- Open source rulez
- Geer et al wrote a great report

FWIW, my replies to the assertions (as I have enumerated them above):

- false assertion
- true assertion
- ?
- true (exploits, OTOH...)
- agree
- strongly agree

With apologies to Fabio, I suspect that this may be an example of a non-native English speaker's post being misinterpreted. I truly doubt that the intent was to incite a discussion of Microsoft and/or virus writing. That was actually (and if Fabio reads this and disagrees I hope that he will correct me) just fodder for the final show of support for the report by Geer et al.

For the record, I am withholding comment on Geer's separation and @Stake's position until and unless more facts come to light. I suspect several of the @Stake guys can read this and that they are free to participate in the discussion (...or maybe not). I stand by my prior post - the report stands on its own merits.

G

On or about 2003.09.26 23:07:14 +0000, Rick Kingslan (rkingsla () cox net) said:

<SNIP>
Find it yourself - clipped for brevity
</SNIP>

--
Gregory A. Gilliss, CISSP    Telephone: 1 650 872 2420
Computer Engineering         E-mail: greg () gilliss com
Computer Security            ICQ: 123710561
Software Development         WWW: http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html