On Tue, 28 May 2002 12:05:43 -0600 (MDT) Alfred Huger <ahat_private> wrote:

> http://www.nextgenss.com/news/vna.html

It won't make any difference whatsoever. It's time to realize that 'we' don't make any difference. Vendors still don't react to problems, silly bugs are still present in software, admins still don't patch/upgrade, users still click on attachments and download screen savers. Management still wants security audits so that they can blame the security company later when they get hacked. Clients' admins still look interested when you explain security issues to them, but the moment you're gone things are back to 'normal'.

The blame game (vendor/client) will go on for years to come - the client can't fix the security problems because it will break critical production apps, and the vendor will keep on explaining how having a world-writable /.rhosts is not a problem. You just CAN'T do anything about that (unless some serious money is lost).

No matter what 'we' do, things will remain the same, since 'we' don't have any authority. All the authority 'we' *think* 'we' have is in our small security world. John Doe couldn't care less what 'we' think or do.

My guess is that soon some 'organizations' will be formed by govts, and will decide to "take over" the security issues, since it is obvious that the Internet and its users cannot do it on their own (we're all small kids, and big daddy will take care of us). A side effect might be a feature which will enable naughty 'researchers' to spend more time in jail than someone who rapes or kills.

People are scared of what they don't understand. Simple as that. And 99% of the planet (all govt and policy makers included) doesn't understand security...

Vanja
This archive was generated by hypermail 2b30 : Wed May 29 2002 - 08:21:44 PDT