> The reason I jumped on your post is because I strongly
> believe that in order for computer security to grow up and
> stop being an intellectual backwater - we need to apply a
> little science and attempt to accurately quantify what we
> are doing. That means no more analysts practicing
> proctological numerology, no more self-selected samples
> used in polls, no more proof by vigorous hand-waving.

The industry is perhaps in worse shape than that, when marketing has taken
over it from the ground up so completely that if one actually did take
security seriously and locked down their browsers, perhaps the most
exploited attack vector of the current decade, to the point they are
advised to, they'd not be able to cruise a single security site.

Kinda like how a parent might say do as I say, not as I do...


Ron DuFresne
admin & senior security consultant: sysinfo.com

....Love is the ultimate outlaw. It just won't adhere to rules.
The most any of us can do is sign on as its accomplice. Instead
of vowing to honor and obey, maybe we should swear to aid and abet.
That would mean that security is out of the question. The words
"make" and "stay" become inappropriate. My love for you has no
strings attached. I love you for free...
-Tom Robbins

firewall-wizards mailing list