Date: Thu, 11 May 2000 12:39:04 -0400 (EDT) From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> To: Paul Hart <hart@iserver.com> Cc: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>, freebsd-security@FreeBSD.ORG Subject: Re: envy.vuurwerk.nl daily run output Message-ID: <200005111639.MAA17559@khavrinen.lcs.mit.edu> In-Reply-To: <Pine.BSF.4.21.0005111014310.8386-100000@anchovy.orem.iserver.com> References: <200005111611.MAA17380@khavrinen.lcs.mit.edu> <Pine.BSF.4.21.0005111014310.8386-100000@anchovy.orem.iserver.com>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Thu, 11 May 2000 10:21:22 -0600 (MDT), Paul Hart <hart@iserver.com> said: > That's a scary thought. "Our security depends on all attackers being > stupid." No, not at all. Just because a security mechanism can be bypassed by an expert does not imply that it is totally useless. Security is still improved overall by being able to catch stupid attackers! > Shouldn't we work toward meaningful tools that cannot be > subverted even by the most skilled of attackers? That is certainly a worthwhile goal. However, there is a valid engineering trade-off between the value of a system and the cost of implementing more advanced security services. -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200005111639.MAA17559>