Re: [ISN] Cracks in the Firewall

From: InfoSec News (isnat_private)
Date: Wed Apr 17 2002 - 00:27:47 PDT

    Forwarded from: security curmudgeon <jerichoat_private>
    Cc: H C <keydet89at_private>, joe.duffyat_private

    > > Well, I think this pretty much establishes that Joe
    > > Duffy was not on the net before 1995 or so.

    > How so?  The original design of ARPANet was all about sharing and
    > allowing access to those who participated in the project.  Mr.
    > Duffy's

    "The [pre-Internet] computing technologies were designed to keep
    people out." - Duffy, from the article

    Huh? ARPANet was about sharing and ALLOWING access, you say. Duffy
    says it was about "keeping people out". I agree with you, thus my

    > > First, what is "pre-Internet" computing?

    > Given the media and how they've mangled pretty much anything related
    > to computing in general, I'd venture to guess that it refers to
    > pre-GUI web surfing...pre-Berners Lee.

    My point was, operating systems weren't geared for keeping people out
    back then, nor are they today.

    > > Since the Internet was basically founded/born/created in 1969,
    > > that would put his statement somewhere between "absurd" and
    > > "fucking stupid".

    > I'd agree...but we don't know if your assumption regarding the
    > timeline is correct.

    it doesn't matter about MY assumption. doesn't matter WHEN he is
    talking about. operating systems have never been designed to keep
    people out. look at a default installation of windows, irix, sunos,
    linux etc. compare it 10 years ago to today and they are all still
    installed with every service known to man open. that isn't "keeping
    people out".

    > Did Mr. Duffy write the article in question?  Why not go after the
    > author of the article?

    i will. i do that in a different forum (errata on attrition)

    > > Wonder if Duffy has installed a copy of NT or Linux lately and
    > > noticed that the security posture screams "bend me over"? I'd
    > > guess not.

    > I'm with you...I don't think Mr. Duffy's installed anything lately.
    > However, given his position and title, I'd have serious concerns if
    > he had.  He's at the level now where he considers the advice and
    > input of folks who work for him.

    that speaks worse then. if PWC tech people are telling him that
    default installs of red hat or solaris or irix or NT are done so to
    "keep people out", then there should be serious concerns at all levels
    about their consultants.

    > > I'd love to see the details that went into this
    > > study and figures.

    > Well, the article says "ISS's inaugural quarterly report".  If you
    > want to see the details, go see them.

    they don't release the details. they release the final glossy report.

    > > There seems to be a lot of leeway here as to what
    > > one considers "attack", how you qualify separate
    > > attacks, etc.

    > Having worked with their products, and having chased one
    > from tech support could tell me what are the details of the
    > signature that triggers the "Napster_Long_Command" alert...and dealt
    > with false positives (Internet Scanner 6.01 and prior would report
    > AutoAdminLogon alerts if the Registry value was set to 0, signifying
    > that the functionality did *not* exist) I'd agree that there is a
    > considerable amount of leeway.  However the only real way to judge
    > the report would be, as you say, to get the details.  After all,
    > even Jay Heiser pointed out in his InfoSecurityMag column that the
    > often-quoted CSI/FBI report "lacks...rigor".

    Something I have been saying for years, specifically about the CSI/FBI
    report. Unfortunately, years later someone finally voiced my same
    concerns and got it heard by a wider audience.

    That was the first page I dedicated to questionable stats, and you
    will notice halfway down the CSI/FBI stats.

    > > All in all, I don't think these statements can
    > > easily be made short of a lot more research.

    > Agreed.  Given the issues that many of us have seen w/ the ISS
    > products, can one arbitrarily accept their 'findings'?  After all,
    > if RealSecure misidentifies alerts (are the signatures open to
    > public examination??) and issues, what does that say about the
    > report?  GIGO?