Date:      Tue, 21 Jul 1998 16:26:51 -0400 (EDT)
From:      "Matthew N. Dodd" <winter@jurai.net>
To:        Brett Glass <brett@lariat.org>
Cc:        security@FreeBSD.ORG
Subject:   Re: Why is there no info on the QPOPPER hack? 
Message-ID:  <Pine.BSF.3.96.980721161513.10970x-100000@sasami.jurai.net>
In-Reply-To: <199807211952.NAA15969@lariat.lariat.org>

On Tue, 21 Jul 1998, Brett Glass wrote:
> At 03:34 PM 7/21/98 -0400, Matthew N. Dodd wrote:
> >If you're not able to stand on the line and keep watch, set procmail up to
> >turn down your network every time a Bugtraq message with 'exploit' and
> >'foo' turns up.
> 
> In other words, make the system self-destruct when I stop watching long
> enough to have a life. Really practical. 

To quote Robert De Niro in _Heat_, "That's the discipline..."

I'm taking the side of devil's advocate here; someone has to.  I could easily
take your side and argue it as well.

Security means constant vigilance; you can't let down your guard.  If your
desire to have a life conflicts with this vigilance, you or your employer
need to make adjustments.

Free software isn't for everyone.  If you are the only one standing on the
line, maybe your shop is understaffed.  Bring this up with your boss;
misrepresenting the costs of doing business is nearly always fatal. 

While we can strive to make software better, the reality is that we will
have limited success, and only slow the tide of problems with poorly
written software.

We may try to implement automated tools to make our lives easier; these do
not provide a substitute for our watchful vigilance.

As others have said, a patch was posted for the problem the same day,
where were you?

Keep in mind that a $5.50/hr person to read bugtraq and rootshell and
others may well be worth having if it means you get immediate notice of
problems.  Such people should not be difficult to come by, but few of them
will last past six months.

You seem to dislike the solutions I propose that don't satisfy your sense
of aesthetics.  While paying for a solution may not be pretty, sometimes
it's the only efficient choice.

/* 
   Matthew N. Dodd		| A memory retaining a love you had for life	
   winter@jurai.net		| As cruel as it seems nothing ever seems to
   http://www.jurai.net/~winter | go right - FLA M 3.1:53	
*/

