From: Samantha Atkins (samantha@objectent.com)
Date: Mon May 27 2002 - 00:56:41 MDT
Harvey Newstrom wrote:
>
>
> This is old news for people in the security community. The paper is
> based on data from a year ago. Security people have already been trying
> to get IT managers to consider this new class of threat. And they have
> already failed.
>
True that it is a threat. True that many of us, even not in the
security community, have grasped the possibilities long ago.
But even if you convinced the IT community, exactly how would
you defeat all possibility of this kind? As I am sure you are
aware, there is no such thing as a fully secure system. You can
raise the bar significantly though.
> The IIS vulnerability, e-mail executions, webpage exploits, Nimda and
> Code-Red examples discussed in this paper are all Microsoft specific.
> Microsoft has already launched a campaign to claim that they have
> revamped security and are now the premier security platform. Managers
> have already dismissed these threats as being solved by Microsoft.
>
Oh! This is sad, really sad. Sometimes I wonder if there is
intelligent life on earth, or at least in IT management. :-)
> Of course, security professionals know that they are not. While
> security professionals applaud this new analysis of the threat, I doubt
> most IT managers would read such a technical paper.
>
If they aren't able or into reading such a "technical paper"
then precisely how are they qualified to be an IT manager? Do
we have to put on our own worms that monitor systems and
install significant safeguards?
- samantha