funsec mailing list archives

Re: I wrnd u abt ths ...


From: Rich Kulawiec <rsk () gsp org>
Date: Thu, 18 Jun 2009 20:14:59 -0400

On Thu, Jun 18, 2009 at 05:51:56PM -0400, Michael Graham wrote:
> Yea, it's the beginning of side channel social networking attacks, and there
> really isn't anything you can do about it.  Your users are not going to
> ignore links from their buddies on twitter or facebook or whatever those
> damn kids are using these days.  They could even confirm that there was a
> link intended before clicking through (not that they would, but if they did,
> it still wouldn't protect them).
> You're either going to have to have perfect patching processes and stack
> protection on every client, or you're going to have to start treating your
> user space as inherently hostile.

I concur -- and I've treated user space as hostile for many years.
Your/my/our own users have always been the greatest threat to security.

(This is one of many reasons why I advocate what I call the "submarine"
model of networking: watertight hatches between compartments, open only
as far as is necessary, able to be slammed shut at the first sign of
trouble.  But it's proven to be quite difficult to convince the PHBs
of the world that it's important to firewall (say) marketing off
from engineering and vice versa.  "But we all work for the same company!"
they say, and I say "Yes, that's exactly why it should be done."  What
follows are -- and credit to Don Henley here -- uncomprehending looks,
like cows at a passing train.)

---Rsk
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
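An added illustration of the "submarine" model Rsk describes above. This is not code from the post or from any funsec participant: it models compartments as address zones, makes the hatch between any two zones default-deny, opens it only for an explicit list of flows, and adds a lockdown switch that shuts every hatch at once. The zone names, subnets, ports and the nftables rendering are all assumptions made for the example; a real deployment would take its zones from its own addressing plan.

```python
"""
Added example, not code from the funsec post: a toy model of the "submarine"
network described above. Zones are the compartments; between zones the
default is deny (the hatch is shut); hatches open only for explicitly listed
flows; and a lockdown flag slams every hatch shut at once. The zone names,
subnets, ports and the nftables rendering are assumptions made for the
example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    src: str      # source IP address
    dst: str      # destination IP address
    proto: str    # "tcp" or "udp"
    dport: int    # destination port


# (from_zone, to_zone, proto, dport): one deliberately opened hatch
Hatch = Tuple[str, str, str, int]


@dataclass
class Policy:
    zones: Dict[str, str]     # zone name -> CIDR of that compartment
    hatches: List[Hatch]      # the only cross-compartment flows permitted
    lockdown: bool = False    # True: every hatch is shut, opened or not

    def zone_of(self, ip: str) -> Optional[str]:
        addr = ip_address(ip)
        for name, cidr in self.zones.items():
            if addr in ip_network(cidr):
                return name
        return None

    def decide(self, flow: Flow) -> str:
        """Return "allow" or "deny" for a new connection attempt."""
        src_zone = self.zone_of(flow.src)
        dst_zone = self.zone_of(flow.dst)
        if src_zone is None or dst_zone is None:
            return "deny"      # not in any compartment: no hatch to open
        if src_zone == dst_zone:
            return "allow"     # same compartment, no hatch crossed
        if self.lockdown:
            return "deny"      # hatches slammed shut
        if (src_zone, dst_zone, flow.proto, flow.dport) in self.hatches:
            return "allow"     # explicitly opened, and no wider than needed
        return "deny"          # default deny between compartments

    def nft_ruleset(self) -> str:
        """Render the same policy as an nftables forward chain (assumed syntax)."""
        lines = [
            "table inet hatches {",
            "  chain forward {",
            "    type filter hook forward priority 0; policy drop;",
        ]
        if not self.lockdown:
            # Replies to opened hatches; in lockdown even these are dropped,
            # so existing connections die rather than drain.
            lines.append("    ct state established,related accept")
            for src, dst, proto, dport in self.hatches:
                lines.append(
                    f"    ip saddr {self.zones[src]} ip daddr {self.zones[dst]} "
                    f"{proto} dport {dport} ct state new accept "
                    f'comment "{src}->{dst}"'
                )
        lines += ["  }", "}"]
        return "\n".join(lines)


def example_policy(lockdown: bool = False) -> Policy:
    """Constructed sample: marketing and engineering each reach a shared
    services compartment on 443, and nothing else crosses a hatch."""
    return Policy(
        zones={
            "marketing": "10.1.0.0/16",
            "engineering": "10.2.0.0/16",
            "shared": "10.3.0.0/24",
        },
        hatches=[
            ("marketing", "shared", "tcp", 443),
            ("engineering", "shared", "tcp", 443),
        ],
        lockdown=lockdown,
    )


if __name__ == "__main__":
    policy = example_policy()
    for flow in [
        Flow("10.1.0.5", "10.3.0.10", "tcp", 443),     # marketing -> shared web
        Flow("10.1.0.5", "10.2.0.7", "tcp", 22),       # marketing -> engineering ssh
        Flow("10.2.0.7", "10.2.0.8", "tcp", 22),       # inside engineering
        Flow("192.168.1.1", "10.3.0.10", "tcp", 443),  # outside every zone
    ]:
        print(f"{flow.src} -> {flow.dst}:{flow.dport}/{flow.proto}: {policy.decide(flow)}")
    print(policy.nft_ruleset())
    print("--- lockdown ---")
    print(example_policy(lockdown=True).nft_ruleset())
```

Running it prints the decision for the constructed flows and then the generated ruleset, once open and once in lockdown. The lockdown rendering drops even established connections on purpose: that is the "slammed shut" semantics, not a graceful drain, and it is the property to check before relying on such a switch during an incident.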