Full Disclosure mailing list archives
Commercial pressure as a threat to security
From: "Daniel Sichel" <daniels () Ponderosatel com>
Date: Tue, 6 Dec 2005 07:55:55 -0800
> Commercial pressures are just as harmful to security as are complexity
> and ignorance.
>
> Regards, Jason Coombs jasonc () science org
That is a profound insight (at least for me). It crystallizes what I have experienced for many years and am about to again. My company is about to add a web server for customers to use to pay bills and order service. When I was told this, I immediately requested permission to use OpenBSD and Apache. I was told that I have to use IIS because the people programming the app on the site only know .NET.

I am very concerned about their expertise and respect for security. I would bet a stale donut against the equity in my house (I live in Ca. so don't laugh) that there will be exploitable chunks of code. Add to that the inherent risk of IIS and I am very afraid. However, we WILL deploy this, and soon. No matter that I am no IIS expert (I'm a Cisco guy, thank G-d) and our other admin is 22 years old.

At least I may be able to get an OK to have somebody (hopefully competent) test it, but does that tell me what to look for in logs? No. Or how to monitor this hideous cuckoo's egg? No. Seems like a recipe for trouble, but this is typical. Well, actually not; usually people in my position don't have the money for a security consultant, so they are even more naked than I am going to be.

Anyhow, Jason summed this up elegantly and succinctly. Is anybody addressing this problem with cheap software a small business can afford, even to test just the basics?

Dan S.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/