[18313] in bugtraq
Re: "The End of SSL and SSH?"
daemon@ATHENA.MIT.EDU (Adrian Close)
Fri Dec 22 05:02:03 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.SGI.4.10.10012221241560.1099-100000@lion.aba.net.au>
Date: Fri, 22 Dec 2000 12:54:43 +1100
Reply-To: Adrian Close <adrian@ESEC.COM.AU>
From: Adrian Close <adrian@ESEC.COM.AU>
X-To: Kurt Seifried <listuser@SEIFRIED.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <014601c06b02$be8b9820$ca00030a@seifried.org>

On Wed, 20 Dec 2000, Kurt Seifried wrote:

> The main point of the article was to let people know that SSL and SSH
> are far from perfect, in fact I think they are pretty poor because
> they rely so heavily on the end user (usually the weakest link). This

* Security fundamentally relies on people, not technology. The technology
is a means to an end.

No amount of security software (SSL, SSH, DNSSEC, PKI or whatever) is
going to help if the people involved don't take on security-conscious
behaviours. Conversely, used appropriately, these tools are excellent
aids to implementing effective network security.

This is almost certainly not news to anyone on the list, but probably
worth pointing out at this juncture. I also think it's worth preaching to
the unsuspecting public so they might have a chance of achieving some
reasonable level of security.

Adrian Close                       email: adrian@esec.com.au
Network Architect                  phone: +61 3 8371 5300
eSec Limited                       fax:   +61 3 8371 5399
"Protecting your e-business..."    web:   http://www.esec.com.au