Author Topic: Security Absurdity  (Read 1544 times)

Offline sandbox

  • TS Addict
  • *****
  • Posts: 7825
Security Absurdity
« on: November 29, 2006, 05:34:04 AM »
The Complete, Unquestionable,
And Total Failure of Information Security.

A long-overdue wake up call for the information security community.
by Noam Eppel
Vivica Information Security Inc.

QUOTE
Boiling Frog Syndrome

They say if you drop a frog in a pot of boiling water, it will, of course, frantically try to scramble out. But if you place it gently in a pot of tepid water and turn the heat on low, it will float there quite complacently. As you turn up the heat, the frog will sink into a tranquil stupor and before long, with a smile on its face, it will unresistingly allow itself to be boiled to death. The security industry is much like that frog; completely and uncontrollably in disarray - yet we tolerate it since we are used to it.

http://www.securityabsurdity.com/failure.php

update

QUOTE
It has been six months since my article was posted and sadly the security situation is only getting worse. The Cyberworld has progressed merely from the Wild West to the 1920s mob-controlled urban centers. Shortly after my Security Absurdity article was posted online, we witnessed a remarkable series of events when cybercriminals forced Blue Security, an innovative anti-spam security company, out of business. This incident demonstrated quite dramatically that cybercriminals are indeed currently winning the battle.

http://www.securityabsurdity.com/comments.php

/.

Offline Paddy

  • Administrator
  • TS Addict
  • *****
  • Posts: 13797
    • https://www.paddyduncan.com
« Reply #1 on: November 29, 2006, 06:24:34 AM »
I don't know, SB. As one of the comments stated, t'ain't the Internet that's broken so much as MS Windoze...a large number of the issues that he names (spyware etc.) are directly related to the insecurity inherent in Windows.

QUOTE
The internet is not broken, M.S. Windows is. The issue of unwanted email (spam) warrants some changes in the underlying structure, but the other problems are really OS problems, and Windows bears the brunt of responsibility for this. Major structural changes to how the internet works would be unwise, and probably open up more control by either the government or Microsoft. Neither are desirable or beneficial for the end user. So who really benefits from this FUD about the internet being broken? Not too difficult to figure out...


More thoughts/comments:

http://blogs.download.com/Spyware-Hunt/post.php?p=1022

Comment from Rick Wanner at SaskTel from the original article:

QUOTE
The security vendors make and so-called security professionals keep deploying technology that is ill-conceived, flawed, and overly complex. Why? To attempt to satisfy protecting application technologies that are ill-conceived, flawed, and overly complex.


And Eppel himself goes on to discuss Windows at length at the end of the comments section.

My chief worry in all this is that those who haven't a CLUE about the internet (politicians etc.) will latch onto this and suddenly we'll find ourselves with "solutions" that are far, far worse than any of the problems. It happened in education (NCLB).
"If computers get too powerful, we can organize them into committees. That'll do them in." ~Author unknown •iMac 5K, 27" 3.6Ghz i9 (2019) • 16" M1 MBP(2021) • 9.7" iPad Pro • iPhone 13

Offline kps

  • TS Addict
  • *****
  • Posts: 1693
« Reply #2 on: November 29, 2006, 08:51:30 AM »
Great article and followup. Thanks for the links.

Offline sandbox

  • TS Addict
  • *****
  • Posts: 7825
« Reply #3 on: November 29, 2006, 06:21:22 PM »
QUOTE
I don't know, SB. As one of the comments stated, t'ain't the Internet that's broken so much as MS Windoze...a large number of the issues that he names (spyware etc.) are directly related to the insecurity inherent in Windows.


I have to agree, Paddy, and tomorrow the new MS software will be released and hopefully it will address its security flaws. Keep in mind that if the new OS checks security, then many jobs will be lost and the wired-world’s economy will be seriously affected, IMO. I’ve always been skeptical of Windows and the Politics of Economics. From what I have read and just heard on NBR, Bill Gates himself stopped the release of Windows Vista in midstream to address security concerns, so I’m optimistic, going forward, that less of my time will be spent chasing criminals and more time dedicated to production.

Listing Exploitable Servers
http://www.njabl.org/
http://www.dnsbl.org/
http://www.us.sorbs.net/
http://www.mxtoolbox.com/

Test filter to determine spam

http://spamassassin.apache.org/tests_3_1_x.html

and though I’ve learnt much traveling this avenue of the sleuth, if the OS’s are secure then all my effort will be left without application. Not that I think that security will not be an issue, it will, but it will be in different areas and thus a never ending learning curve as Leopard and Vista play in my sandbox.

Only the Professional issue of Vista will be allowed to be emulated, so if you want to use Vista on a PPC chip in VPC you’ll need to spend $$$$+.