Re: A new level of sophistication in cyber security

From: Eugene Leitl (eugene.leitl@lrz.uni-muenchen.de)
Date: Sat May 20 2000 - 03:46:44 MDT


Dan Fabulich writes:

> So, it's true that this won't affect any non-Microsoft operating
> system (since the VBScript won't work there), but mailers like Eudora
> are still vulnerable to these e-mails. Anybody foolish enough to
> double click on the VBS in Pegasus Mail will wish they hadn't.

Anyone who's using an operating system with a flea bag of known
vulnerabilities (which the producer has been acknowledging for years
"it's not a bug, it's a feature", yet failing to fix) for
production/mission critical purposes is foolish indeed.

Don't blame the vendor, blame the luser. However, it is the elite's
calling to be more vocal in educating the public, and insulate
themselves from the public, lest the damage radiate into their
domain, bringing the whole house of cards crashing down. The digerati
have failed to address these points quantitatively. The damage to
the economy, limited productivity as a result of widespread use of broken
tools and lunatic security policies touch us all.

Linking projects/standards to a (small group of) noncommercial
individual(s), and using digital signatures as an unforgeable golden seal
of approval should prevent brand dilution/namespace point usurpation by
in-diffusion of idiots (once the project becomes attractive enough to
be used), and from standard embrace-and-extend stratagems of
commercial vendors. Standards mature enough to be sustainable won't be
produced by the market, where agents are interested in balkanisation
and binding of the customer to their product.

Pfaugh.



This archive was generated by hypermail 2b29 : Thu Jul 27 2000 - 14:11:26 MDT