On Sat, 4 Jun 2005, Darren Reed wrote:

> > No. It's like I have a viewpoint on how to setup, configure, and
> > manage a network which was formed years before UPnP was invented.

> Right and now that viewpoint is growing stale. The IT industry is
> very dynamic, you need to grow and move with the times or get left
> behind.

Security is about staid and static- that's part of the issue of why it's
difficult to inject it into companies that don't have a real driver for
it. Those very dynamics are WHY we have the problems we have today-
active content without a security model, protocols without any length
limits, closed systems being "Webified," loaders that run anything
dynamically. All these are the technological bits of the problem we face
daily. Security needs to be a governor on the dynamic.

> > I'm happier setting up a fileserver which does not
> > allow end-users shell access, for example, or which forbids setuid-
> > execution in the partition where user home directories are kept.

> *yawn*
> More chest beating. These things are "old hat".

Come on, "old hat" or "growing stale?" We don't get to have it both ways.

Trust takes time.

Paul D. Robertson "My statements in this message are personal opinions
paul@compuwar.net which may have no basis whatsoever in fact."
firewall-wizards mailing list