
Re: [News] Security Guru Argues Security Industry Never Should Have Existed

__/ [ BearItAll ] on Friday 27 April 2007 12:04 \__

> Roy Schestowitz wrote:
> 
>> Schneier questions need for security industry
>> 
>> ,----[ Quote ]
>> | "We shouldn't have to come and find a company to secure our e-mail.
>> | E-mail should already be secure. We shouldn't have to buy from
>> | somebody to secure our network or servers. Our networks and servers
>> | should already be secure."
>> `----
>> 
>> http://news.zdnet.com/2100-1009_22-6179500.html
>> 
> 
> He is so right, I have said this right from the start, it is the OS's job
> to make the OS secure and the applications should simply make use of the
> security that the OS provides.
> 
> As in his example with emails. Any Tom, Dick or Harry should be able to put
> together an email client without ever thinking of security. He simply
> tickles the service provided by the OS which hands him the emails that came
> in through the secure connection. The OS knows about the security, the
> application doesn't need to know.
> 
> Symantec and McAfee etc should never have been needed at all. They have MS
> stupidity to thank for their success. But of course MS has Symantec and
> McAfee to thank for the fact that without them MS Win would have been
> impossible to use long ago, MS did nothing about viruses and security,
> imagine the situation of all of those viruses we have all fought with
> manually in the past having free rein, they were coming thick and fast at
> one time, when Norton was less quick with repair scripts and then
> protection. No one would have been able to use MS Windows if Norton hadn't
> been there to help us.
> 
> That is why I firmly believe that security has to be taken out of MS's
> hands, they have to be forced to make themselves secure or let in someone
> who can make them secure.
> 
>> Pentagon 'hacker' questions US cost claims
>> 
>> ,----[ Quote ]
>> | Only the Law Lords now stand between the Scot and a US trial for
>> | allegedly breaking into and damaging 97 US government computers
>> | between 2001 and 2002 and causing an estimated $700,000 worth of
>> | damage, in what US authorities have described as the "biggest
>> | military" computer hack ever.
>> `----
>> 
>> http://www.theregister.co.uk/2007/04/26/mckinnon_infosec/
>> 
> 
> Sorry son you did the deed and letting you off would do more harm than
> good. Too many of your fellow IRC Hack Club members would see that as a
> green light to go ahead with their little hobby. So long as the US pay his
> legal fees of course.
> 
> At the same time, make your techniques very public so that the US military
> can have someone come in and plug the gaping holes in their security. US
> military security is really world security, I'd bet anything that the
> software line to the big red button isn't as secure as it ought to be. I
> never did believe the circus act with the two keys and red book with codes
> in it, it was too feeble, in the event of needing it you had to ensure that
> the other guy with the other key hadn't nipped out to the carpark to have a
> cigarette and the red book hadn't had coffee spilled on it. Call me a cynic
> if you like but that lot never did convince me.

When I was much younger (maybe 12), some guy penetrated the Pentagon's PCs.
FBI agents turned up at his house, all out of the blue. Rather than being
punished, he got hired. He informed them about the problems. I think he
later found great success as a security guy, but I lost track of that one.

-- 
                ~~ With kind regards

Roy S. Schestowitz      |    "Beauty is in the eye of the beerholder"
http://Schestowitz.com  |     GNU/Linux     ¦     PGP-Key: 0x74572E8E
Mem:    514480k total,   494824k used,    19656k free,     5272k buffers
      http://iuron.com - next generation of search paradigms
