Forwarded from: H C <keydet89at_private>
Cc: jerichoat_private, joe.duffyat_private

Jericho,

> Well, I think this pretty much establishes that Joe Duffy was not on
> the net before 1995 or so.

How so? The original design of ARPANet was all about sharing and allowing access to those who participated in the project. Mr. Duffy's statement would be in accordance with that historical, though perhaps anecdotal, information.

> That screams "upper management" and "i have a problem comprehending
> a mouse with three buttons" to me.

That's a pretty rough statement. Have you met Mr. Duffy? I'm assuming, since you didn't mention having done so, that you haven't. Steph Marr used to be the National Director for the InfoSec Practice at Predictive Systems...he was based out of Santa Cruz. Definitely upper management, but I'm reasonably sure he knows how to use a three-button mouse.

> First, what is "pre-Internet" computing?

Given the media and how they've mangled pretty much anything related to computing in general, I'd venture to guess that it refers to pre-GUI web surfing...pre-Berners-Lee.

> Since the Internet was basically founded/born/created in 1969, that
> would put his statement somewhere between "absurd" and "fucking
> stupid".

I'd agree...but we don't know if your assumption regarding the timeline is correct.

> I hate to be the one who beats Duffy with a clue-by-four

Did Mr. Duffy write the article in question? Why not go after the author of the article?

> Wonder if Duffy has installed a copy of NT or Linux lately and
> noticed that the security posture screams "bend me over"? I'd guess
> not.

I'm with you...I don't think Mr. Duffy's installed anything lately. However, given his position and title, I'd have serious concerns if he had. He's at the level now where he considers the advice and input of folks who work for him.

> > Other insights can be gleaned from ISS's inaugural quarterly
> > report.
>
> I'd love to see the details that went into this study and figures.

Well, the article says "ISS's inaugural quarterly report". If you want to see the details, go see them.

> There seems to be a lot of leeway here as to what one considers
> "attack", how you qualify separate attacks, etc.

Having worked with their products, and having chased ghosts...no one from tech support could tell me the details of the signature that triggers the "Napster_Long_Command" alert...and dealt with false positives (Internet Scanner 6.01 and prior would report AutoAdminLogon alerts if the Registry value was set to 0, signifying that the functionality did *not* exist), I'd agree that there is a considerable amount of leeway. However, the only real way to judge the report would be, as you say, to get the details. After all, even Jay Heiser pointed out in his InfoSecurityMag column that the often-quoted CSI/FBI report "lacks...rigor".

> All in all, I don't think these statements can easily be made short
> of a lot more research.

Agreed. Given the issues that many of us have seen w/ the ISS products, can one arbitrarily accept their 'findings'? After all, if RealSecure misidentifies alerts (are the signatures open to public examination??) and issues, what does that say about the report? GIGO?

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
of the mail.
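The AutoAdminLogon false positive described in the message above (a scanner flagging the value when it was set to 0, i.e. when auto-logon was switched off) is a presence-versus-value bug in the check itself. The following is an added example, not code from the message, from ISS or from any product: it runs a naive "value exists" check and a correct "value is 1" check over constructed .reg-style exports of the Winlogon key. The key path and the value names AutoAdminLogon, DefaultUserName and DefaultPassword are the real Windows ones; the host names and the exports themselves are made up for the example.

```python
"""Added example: presence-vs-value false positive on the Winlogon AutoAdminLogon setting.

naive_check   flags a host whenever the AutoAdminLogon value exists at all
              (the behaviour the message attributes to Internet Scanner 6.01 and prior).
correct_check flags a host only when the value is actually "1", and reports whether a
              cleartext DefaultPassword is stored alongside it.
The .reg exports below are constructed for this example; the key and value names are
the real Winlogon ones, the hostnames are invented.
"""
import re
from typing import Dict, Optional, Tuple

WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Constructed sample data in `reg export` syntax. host-a has the value set to "0"
# (feature off), host-b has auto-logon enabled with a stored password, host-c has
# no AutoAdminLogon value at all.
SAMPLE_EXPORTS: Dict[str, str] = {
    "host-a": f"""Windows Registry Editor Version 5.00

[{WINLOGON_KEY}]
"AutoAdminLogon"="0"
"DefaultUserName"="Administrator"
""",
    "host-b": f"""Windows Registry Editor Version 5.00

[{WINLOGON_KEY}]
"AutoAdminLogon"="1"
"DefaultUserName"="Administrator"
"DefaultPassword"="hunter2"
""",
    "host-c": f"""Windows Registry Editor Version 5.00

[{WINLOGON_KEY}]
"DefaultUserName"="Administrator"
""",
}

# Matches a REG_SZ line of the form  "name"="data"  (the only type the auto-logon values use).
_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"$')


def parse_winlogon(export: str) -> Dict[str, str]:
    """Return {value_name: data} for the Winlogon key in a .reg export.

    Tracks which [key] section we are in and only collects REG_SZ values
    under the Winlogon key; other keys and value types are ignored.
    """
    values: Dict[str, str] = {}
    in_key = False
    for raw in export.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_key = line == f"[{WINLOGON_KEY}]"
            continue
        m = _VALUE_RE.match(line)
        if in_key and m:
            values[m.group(1)] = m.group(2)
    return values


def naive_check(export: str) -> bool:
    """Alert if AutoAdminLogon is present at all.

    This is the false positive: "0" means the feature is switched off,
    yet the host is flagged because the check keys on existence, not data.
    """
    return "AutoAdminLogon" in parse_winlogon(export)


def correct_check(export: str) -> Optional[Dict[str, object]]:
    """Alert only when auto-logon is actually enabled (data is "1").

    Returns a finding dict, or None when there is nothing to report.
    """
    values = parse_winlogon(export)
    if values.get("AutoAdminLogon", "0").strip() != "1":
        return None
    return {
        "user": values.get("DefaultUserName"),
        "cleartext_password_stored": "DefaultPassword" in values,
    }


def compare(exports: Dict[str, str]) -> Dict[str, Tuple[bool, bool]]:
    """Run both checks over every host: {host: (naive_alerted, correct_alerted)}."""
    return {h: (naive_check(e), correct_check(e) is not None) for h, e in exports.items()}


if __name__ == "__main__":
    for host, (naive, correct) in compare(SAMPLE_EXPORTS).items():
        print(f"{host}: naive={naive} correct={correct}")
```

Run stand-alone, the only host on which the two checks disagree is host-a, which is exactly the case the message complains about: the value is present but set to "0". The same pattern (alert on a key or signature being present rather than on what it says) is worth looking for in any scanner output before accepting its counts as data.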
This archive was generated by hypermail 2b30 : Wed Apr 17 2002 - 03:49:03 PDT