Full Disclosure mailing list archives
Re: All China, All The Time
From: Bipin Gautam <bipin.gautam () gmail com>
Date: Tue, 19 Jan 2010 00:59:35 +0545
So, what is the cost of buying a fighter jet? What would be the cost of hardening Windows (say) by default, straight out of Microsoft, with a good defense-in-depth strategy (or at least an add-on)? (Sometimes identifying your enemy is more difficult than the battle itself, and sometimes the battle exists within itself.) How accountable should a vendor be when it comes to security?

The problem with Microsoft is, even if I want to give up flexibility and wish for more security, there is still no easy way out by default. An example, the case of a mainstream company, Microsoft:

* seeks help from an agency that prioritizes "collection efforts" over the defensive to help "secure?" their software.
* gives away early patches to selected clients (which also CLEARLY means giving away 0-day information early), while many critical bug fixes remain unpatched for months/years.
* only and promptly sells customized/hardened versions of Windows to "selected clients". Also, a number of solutions that actually work[1] have export control.

So, like nuclear inspection, I think maybe there should be an inspection agency under the UN to monitor international software/hardware makers and make sure a "Total Paranoia Module" (TPM) can be accomplished globally via transparency in the software development life-cycle of ICT products, with international inspections to review the quality of every software and hardware product that is in international consumption and make sure it survives the hostility and will live through the bureaucracy of cyberspace before it hits the market.

Reality: unless government steps in for total control and security of cyberspace, the private sectors are more on their own to protect their ends. We can only coordinate and try to police each other and work for common defense? The way I see it, if you see it simple, the solution is quite simple; if you make it complicated, you are right!
[1] www.baesystems.com/ProductsServices/bae_prod_csit_xtsstop7.html

Also check: http://lists.menog.net/pipermail/itpolicy-np/2010-January/000540.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/