Full Disclosure mailing list archives
Re: Remote Desktop Command Fixation Attacks
From: "C Q" <kyle.c.quest () gmail com>
Date: Sun, 14 Oct 2007 19:26:21 -0400
This wasn't a flame... It was a simple observation. Having read your reply I also see that you are trying to reinvent the wheel... when you talk about crisis management and other planning. Risk analysis, business continuity and disaster recovery planning, well-prepared incident response procedures and policies, etc. have been practiced by security professionals for quite a while, so they are not new concepts. There's still a lot of work to do when it comes to implementing proper security and compliance solutions. Many companies either don't do it or don't do it effectively, but there has been some progress over the years. Many companies don't even have a CSO/CISO because security and compliance are only starting to gain the recognition they require. Obviously, there's much more work to do... and that's good for all of us in the information security business :-)

As far as defense in depth goes, just like with everything else it can be improperly implemented to a point where it's ineffective or prohibitively disruptive to the business. Your example is a great example of that :-) However, it doesn't mean that the concept is useless. Simple analogy... Let's say I pick up a cookbook to make a fancy dish, but I end up with something that can even turn my dog green :-) Does it mean that the recipe was bad, or does it mean I shouldn't quit my day job to become a chef?
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/