Re: [ISN] This computer security column is banned in Canada

From: InfoSec News (isnat_private)
Date: Thu Jun 12 2003 - 00:40:01 PDT

Next message: InfoSec News: "[ISN] Turning the SEGA Dreamcast into a Linux firewall/router"

Previous message: InfoSec News: "[ISN] County board can't hack an unsafe network"
Maybe in reply to: InfoSec News: "[ISN] This computer security column is banned in Canada"
Next in thread: InfoSec News: "RE: [ISN] This computer security column is banned in Canada"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Forwarded from: Mark Bernard <mbernardat_private>

Nice Tony,

You are absolutely correct!!

Obscurity does not make a problem go away, if fact it does nothing to
solve the problem. What it does do is increase the risk of the
vulnerability becoming exploited. Obscurity is not a form of risk
acceptance but rather a form of plain ignorance.

Like most counter measures we need to understand the problem before
solving it. The bad guys are writing malicious code so why don't the
good guys learn how to do it to so that they can mitigate the
likelihood of exploitation.

When we do vulnerability assessments or security assurance reviews we
write code, check standards, policies and back doors etc... Learning
to write malicious code is just another tool for the old tool box.


Best regards,
Mark, CISM.


----- Original Message ----- 
From: "InfoSec News" <isnat_private>
To: <isnat_private>
Sent: Thursday, June 05, 2003 5:39 AM
Subject: RE: [ISN] This computer security column is banned in Canada


> Forwarded from: Tony | AVIEN / EWS <tonyat_private>
> Cc: steveat_private, Robat_private
>
> There are articles and papers everywhere talking about why Security
> Through Obscurity doesn't work as an effective security measure. It is
> a bureaucratic dream that if only you pretend the problem doesn't
> exist or hide its existence from the general population that the
> problem will go away.
>
> Do the students have to develop new viruses to learn about viruses-
> no. But, to quote Albert Einstein "You cannot solve the problem with
> the same kind of thinking that has created the problem."
>
> I think that to develop the next generation of virus defense we need
> people to get into the minds of the virus writers and think like them-
> use their tools, work the way they work. Maybe by doing so they can
> find the chinks in the armor before the bad guys and develop proactive
> tools instead of the reactionary virus defense we currently have.
>
> Read the article I wrote on this controversial topic:
> http://netsecurity.about.com/cs/generalsecurity/a/aa060303.htm
>
>
> Tony Bradley, CISSP, MCSE2k, MCSA, MCP, A+
> About.com Guide for Internet / Network Security
> http://netsecurity.about.com
>
> Click here to sign up for the weekly Internet / Network Security
> Newsletter: NetSecurity Newsletter



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.

Next message: InfoSec News: "[ISN] Turning the SEGA Dreamcast into a Linux firewall/router"
Previous message: InfoSec News: "[ISN] County board can't hack an unsafe network"
Maybe in reply to: InfoSec News: "[ISN] This computer security column is banned in Canada"
Next in thread: InfoSec News: "RE: [ISN] This computer security column is banned in Canada"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jun 12 2003 - 03:08:23 PDT