Secure Coding mailing list archives
Re: informIT: Modern Malware
From: Martin Gilje Jaatun <secse-chair () sislab no>
Date: Wed, 23 Mar 2011 16:33:55 +0100
On 2011-03-23 00:57, Andy Steingruebl wrote:
On Tue, Mar 22, 2011 at 8:41 AM, Gary McGraw <gem () cigital com> wrote:
[...]
malware" as the AT&T guys sometimes think…you use it to find the kinds of bugs that malware exploits to get a toehold on target servers. One level removed, but a clear causal effect.

Interestingly, your article only covers malware that gets installed by exploiting a technical vulnerability, not malware that gets installed by exploiting a human vulnerability (social engineering). I've been
[...]

As someone once said: Idiot-proofing is difficult because the idiots are so ingenious...
I'm not sure if we really can protect ourselves against "stupid users" through secure coding. Marcus Ranum opined 5 years ago that even educating users is pointless, opting for some way of punishing them instead: http://www.ranum.com/security/computer_security/editorials/point-counterpoint/users.html
Can we idiot-proof computer systems without crippling them for the rest of us?
-Martin