[WEB SECURITY] honeymonkeys, client honeypots

Marian Ion marian.ion at e-licitatie.ro
Fri May 20 00:59:44 EDT 2005


And another thing you both forget to mention: regarding IT security, most people
is . uneducated, and with a dangerous sense of security (usually, pretty User
Interfaces suggest more trust, more confidence, more (false) sense of security),
even if you speak Linux or MS. One of the first necessary things is educate
users with at least a minimum knowledge about the dangers that lies behind a
pretty GUI, a "very_interesting.html.
exe", or other similar things.

On the other hand, an insecure Operating System cannot rely on 3rd party
security. It's . useless, as long as parts of the kernel, the tcp/ip stack, the
file system or other main OS components are vulnerable (both on MS or Linux, as
main OSs).

 

 

Marian Ion

 

 

 

 

  _____  

From: Tom P Kroll [mailto:TKroll at HINSHAWLAW.COM] 
Sent: Friday, May 20, 2005 4:33 AM
To: websecurity at webappsec.org
Subject: Re: [WEB SECURITY] honeymonkeys, client honeypots

 


MS should be spending its resources pro-actively
working on fundamentally more secure OS and application designs. 
As I understand it MS is exposing a select number of machines to high risk sites
to determine how the latest attacks work.  The information gained is used for
patches and, I'm sure, to help write tighter code for future software releases.
This sounds very pro-active to me.   

 ...this implies that micky$loth actually believes that I.E./Windows security is
such a lost cause that it's actually _easier_ to trawl (albeit automatically)
through the vast expanse of the web instead! 
I do not agree that this implies MS believes I.E. is a lost cause.  This is one
of many efforts being made by Microsoft in the continuing effort to secure our
systems.   Many companies are working hard in this effort and I applaud all of
them.   

Tom Kroll
Hinshaw & Culbertson LLP
Network Systems & Security Administrator
312 704 3345







Skip Carter <skip at taygeta.com> 

05/19/2005 07:32 PM 


To

websecurity at webappsec.org 


cc

simon.roberts at earthlink.net 


Subject

Re: [WEB SECURITY] honeymonkeys, client honeypots

 


 

 





> What appears to be most interesting to me, is that this implies that
> micky$loth actually believes that I.E./Windows security is such a lost
> cause that it's actually _easier_ to trawl (albeit automatically)
> through the vast expanse of the web instead! Good grief, what a
> confession that makes.

I wholeheartedly agree.  MS should be spending its resources pro-actively
working on fundamentally more secure OS and application designs.
It should leave the trolling for whats already out there to
Anti-virus/worm and other security organizations.



Skip



-- 
Dr. Everett (Skip) Carter           Phone: 831-641-0645 FAX:  831-641-0647
Taygeta Network Security Services   email: skip at taygeta.net
1340 Munras Ave., Suite 314         WWW: http://www.taygeta.net/
Monterey, CA. 93940            












---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20050520/8079db02/attachment.html>


More information about the websecurity mailing list