re-member
BT Rep: +1
Well after reading this http://tooleaky.zensoft.com/ and yes I know its out of the year 2001, then for someone, with malicious intent, there is absolutely nothing to be done to protect one's computer/ property. (Apart from disconnecting it from the internet)
mostly harmless
Yes, that is quite an old article, and pretty outdated (although possibly zonealarm is still vulnerable to that sort of thing, I haven't used it for a while so I'm not sure)Originally posted by nigel123@10 May 2004 - 10:53
Well after reading this http://tooleaky.zensoft.com/ and yes I know its out of the year 2001, then for someone, with malicious intent, there is absolutely nothing to be done to protect one's computer/ property. (Apart from disconnecting it from the internet)
Shovel Ready
Leftism,
Several of your posts here refer to "overpaid, incompetant" system administrators.
I can only assume that you have had personal experience ( certainly traumatic) with such people.
I'm sure that they exist and of course, should be replaced.
But what of the good guys?
There must be some.
Even the best security can/will be breached by a determined and resourceful attacker.
One simply cannot foresee all the eventualities, nor take precautions against a new and unique method of attack.
You have also repeatedly stated that critical systems have no business being allowed access to/from the internet, but is this really possible?
If a computer is part of a network, ultimately isn't it reachable from the outside unless the entire network is a completly isolated closed loop?
How practical is that ?
Again, I stress my lack of knowlege in the area of networking on a large scale...perhaps you can enlighten me.
"I am the one who knocks."- Heisenberg
Poster
well he seems to have had help and now poeple who do as he has done will end up in jail.
Poster
Originally posted by J'Pol+--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (J'Pol)</td></tr><tr><td id='QUOTE'>The victim is not the administrator, the victim is the owner of the system, whether it is a personal computer or a network (of whatever size). To use your own analogy - the victim is not the security guard, it is the owner of the building.[/b]
So when I initially suggested getting rid of these administrators, why did you bring up the issue of blaming the victim? It was you who equated administrators with victims J'Pol.
Originally posted by clocker+--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (clocker)</td></tr><tr><td id='QUOTE'>Leftism,
Several of your posts here refer to "overpaid, incompetant" system administrators.
I can only assume that you have had personal experience ( certainly traumatic) with such people.
I'm sure that they exist and of course, should be replaced.
[/b]
It's funny you should mention that because my university was badly affected by the worm today. After all the publicity surrounding the worm, after the patches have been available from M$ they still got caught out. There is no excuse for that, it's pure negligence.
<!--QuoteBegin-clocker@
But what of the good guys?
There must be some.
Even the best security can/will be breached by a determined and resourceful attacker.
One simply cannot foresee all the eventualities, nor take precautions against a new and unique method of attack.
[/quote]
A resourceful attacker and a worm are very different. Worms almost always use vulnerabilities that have been known about for months and that have patches available to fix them. They also usually use ports that have no business being open to the internet in the first place.
If a very very skillful attacker broke into an organisation using exploits he's created himself then yes, I totally accept that there is not much the good guys can do about that. However worms are simple blunderbuss affairs that require at most a couple of clicks to protect against.
It is possible that the skillful attacker could create a worm using these techniques but... every worm that has made a serious impact in the last few years such as slammer, blaster and sasser were all of the blunderbuss variety. Crude weapons that even a half arsed attempt at security would foil.
<!--QuoteBegin-clocker
You have also repeatedly stated that critical systems have no business being allowed access to/from the internet, but is this really possible?
If a computer is part of a network, ultimately isn't it reachable from the outside unless the entire network is a completly isolated closed loop?
How practical is that ?[/quote]
Its very practical to do that. Networks are effectively broken up into segments and strict rules are (or should be) applied to what communications can travel between segments. Servers that require access to the net are often placed in "Demilitarized Zones" (DMZ) that are heavily quarantined from the rest of the internal network. Good administrators almost expect computers in the DMZ to get compromised at some point in the future and make sure that the attack goes no further.
To be specific about this recent worm, it appears to use ports 139 and 445. These ports are for offering files and printers over the network. There is no reason to offer remote drives and printing services to the whole internet so even computers in a DMZ should be completely safe. It really is as easy as clicking a few times on a firewall, or entering a few lines of text into a router.
Colinmaccs point about insurance companies is very apt. If insurance companies started treating these incompetents in the same manner they treat you or I if we leave our doors unlocked I am sure we would see a significant decrease in the damage these worms cause.
Error xɐʇuʎs
BT Rep: +1
So when I initially suggested getting rid of these administrators, why did you bring up the issue of blaming the victim? It was you who equated administrators with victims J'Pol. [/b][/quote]Originally posted by leftism+10 May 2004 - 16:11--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (leftism @ 10 May 2004 - 16:11)</td></tr><tr><td id='QUOTE'> <!--QuoteBegin-J'Pol
The victim is not the administrator, the victim is the owner of the system, whether it is a personal computer or a network (of whatever size). To use your own analogy - the victim is not the security guard, it is the owner of the building.
Well, they are victims in that it's their jobs that are on the line when things go wrong.
[/b][/quote]Originally posted by SnnY+10 May 2004 - 16:33--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (SnnY @ 10 May 2004 - 16:33)</td></tr><tr><td id='QUOTE'>Originally posted by leftism@10 May 2004 - 16:11
<!--QuoteBegin-J'Pol
The victim is not the administrator, the victim is the owner of the system, whether it is a personal computer or a network (of whatever size). To use your own analogy - the victim is not the security guard, it is the owner of the building.
So when I initially suggested getting rid of these administrators, why did you bring up the issue of blaming the victim? It was you who equated administrators with victims J'Pol.
At least this has cleared up one thing. It really is your comprehension skills which are at fault.
It is your inability to read what people post without putting your own spin / preconceived notion on it. That does make sense, not only here but elsewhere.
In a way I am glad, it makes a lot of sense in relation to much you have posted.
re-member
BT Rep: +1
*cough* Maybe we should apply the "Pinto" three steps method, it might help us understand each other better....Ok, ok I am off back to the lounge...
Poster
wtf? You contradicted yourself. How does that equate to me being at fault?Originally posted by J'Pol
At least this has cleared up one thing. It really is your comprehension skills which are at fault.
It is your inability to read what people post without putting your own spin / preconceived notion on it. That does make sense, not only here but elsewhere.
In a way I am glad, it makes a lot of sense in relation to much you have posted.
Lets go over this quickly
1. I argued that incompetent administrators should be held responsible for the level of unnecessary damage caused.
2. You objected to this on the grounds that it would equate to "blaming the victim".
3. You then stated that administrators aren't victims, thus making your original argument invalid.
You've now departed from the subject completely and seem intent on provoking a flame war. It's not going to happen J'Pol.
Mis-representing again, but now I know it is not your fault, so that's cool.
Posting Permissions
Reply With Quote
Bookmarks