On Wed, 28 May 2003 13:36:29 -0400 (EDT)
"Rich Braun" <richb at pioneer.ci.net> wrote:

> Tone it down a little, please. I have worked in the industry and have
> been familiar with the issues since 1979, and admit full well where my
> weaknesses as well as strengths are. I'm not as daft as you're making
> me out to be.
>
> Would anyone other than Derek care to comment on this topic?

On Tue, 27 May 2003 15:33:10 -0400
Derek Martin <blu at sophic.org> wrote:

> Your argument is wrong. Changing the model will only change the
> attackers' strategy. Real crackers (those who write the scripts,
> rather than those who only use them) have proven to be exceedingly
> patient, and exceedingly resourceful. Until software is bug free,
> there will always be exploits.

I both agree and disagree with this.

First, I think that we do not have the technology to create truly bug-free software. (I once worked on a system that claimed "provably correct software", and we can discuss this in another subject). I've seen software that contained latent bugs for many years. A bug can be a coding error or an error in the design. And bugs frequently show up when a system is modified for some reason.

However, many of our systems are not designed with security in mind. Windows 9x is an excellent example of that. However, one can design an architecture with security being one of the design goals. By changing the architecture we will change the attackers' strategy. But, in doing so, we can make it more difficult for them, but they will find a way.

The ultimate bottom line is "there will always be exploits". Just as there is no such thing as an escape-proof prison, there is no such thing as an attack-proof system.

--
Jerry Feldman <gaf at blu.org>
Boston Linux and Unix user group
http://www.blu.org
PGP key id:C5061EA9
PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9