[64742] in North American Network Operators' Group
Fw: [Full-Disclosure] Gates: 'You don't need perfect code' for good security
daemon@ATHENA.MIT.EDU (james)
Fri Oct 31 17:02:06 2003
From: "james" <hackerwacker@cybermesa.com>
To: <nanog@nanog.org>
Date: Fri, 31 Oct 2003 15:00:58 -0700
Errors-To: owner-nanog-outgoing@merit.edu
One word.... HA !
james
----- Original Message -----
From: "Jeremiah Cornelius" <>
To: <full-disclosure@lists.netsys.com>
Sent: Friday, October 31, 2003 11:32 AM
Subject: [Full-Disclosure] Gates: 'You don't need perfect code' for good security
: -----BEGIN PGP SIGNED MESSAGE-----
: Hash: SHA1
:
: FLAME ON!
:
: http://www.itbusiness.ca/index.asp?theaction=61&sid=53897
:
: "But there are two other techniques: one is called firewalling and the other
: is called keeping the software up to date. None of these problems (viruses
: and worms) happened to people who did either one of those things. If you had
: your firewall set up the right way - and when I say firewall I include
: scanning e-mail and scanning file transfer -- you wouldn't have had a
: problem. But did we have the tools that made that easy and automatic and that
: you could really audit that you had done it? No. Microsoft in particular and
: the industry in general didn't have it."
:
: "The second is just the updating thing. Anybody who kept their software up to
: date didn't run into any of those problems, because the fixes preceded the
: exploit. Now the times between when the vulnerability was published and when
: somebody has exploited it, those have been going down, but in every case at
: this stage we've had the fix out before the exploit. So next is making it
: easy to do the updating, not for general features but just for the very few
: critical security things, and then reducing the size of those patches, and
: reducing the frequency of the patches, which gets you back to the code
: quality issues. We have to bring these things to bear, and the very dramatic
: things that we can do in the short term have to do with the firewalls and the
: updating infrastructure."
: -----BEGIN PGP SIGNATURE-----
: Version: GnuPG v1.2.3 (GNU/Linux)
:
: iD8DBQE/oqq3Ji2cv3XsiSARAlkdAJ0aGkBViYkoE193iZycTmQZohzwbQCg1KDA
: SjPLY1EEzamQCtIGKwJT1Vk=
: =mIsY
: -----END PGP SIGNATURE-----
James Edwards
Routing and Security Administrator
jamesh@cybermesa.com
At the Santa Fe Office: Internet at Cyber Mesa
Store hours: 9-6 Monday through Friday
505-988-9200 SIP:1(747)669-1965