Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: [News] Security Guru Argues Security Industry Never Should Have Existed

In comp.os.linux.advocacy, Roy Schestowitz
<newsgroups@xxxxxxxxxxxxxxx>
 wrote
on Fri, 27 Apr 2007 10:24:14 +0100
<2444182.7coFiuDMhe@xxxxxxxxxxxxxxx>:
> Schneier questions need for security industry
>
> ,----[ Quote ]
> | "We shouldn't have to come and find a company to secure our e-mail.
> | E-mail should already be secure. We shouldn't have to buy from
> | somebody to secure our network or servers. Our networks and servers
> | should already be secure."
> `----
>
> http://news.zdnet.com/2100-1009_22-6179500.html
>
> Guess whose direction the finger is pointed at?

Email never *was* secure; it's subject to eavesdropping.
Admittedly, there's not a lot that one could do about
it back then; RFC822 (SMTP) is clearly before RFC2246
(SSL/TLS).  Hopefull there's an RFC for SSMTP (if I am
correct in assuming that SSMTP = SMTP + SSL/TLS) but I'd
have to look.  Wiki knows nothing; Google is pointing me
at a Debian archive and at a HalfBakery blog article which
suggests eaxactly this.

Annoyingly, there's also a Gentoo security alert, though
I don't think it's current.

http://www.gentoo.org/security/en/glsa/glsa-200404-18.xml

(the package database suggests the current version is 2.61-r2;
the alert references 2.60-7.)

>
> And now we have SPAM:

I'm assuming "now" = "for the last 8 years or so". ;-)

>
> Five Days of Project Honey Pot Announcements
>
> ,----[ Quote ]
> | Check these pages throughout the week to learn more about new
> | features and initiatives to help take back the Internet from the
> | spammers.
> `----
>
> http://www.projecthoneypot.org/5days_monday.php

Neat.  Don't know as to its efficacy but it's a start.
They've not announced Friday's entry yet.

>
> Scapegoats:
>
> Pentagon 'hacker' questions US cost claims
>
> ,----[ Quote ]
> | Only the Law Lords now stand between the Scot and a US trial for 
> | allegedly breaking into and damaging 97 US government computers 
> | between 2001 and 2002 and causing an estimated $700,000 worth of
> | damage, in what US authorities have described as the "biggest
> | military" computer hack ever.
> `----
>
> http://www.theregister.co.uk/2007/04/26/mckinnon_infosec/
>
> Money exchanged for seemingly-pointless software:
>
> Websense buys Surf Control
>
> ,----[ Quote ]
> | Websense is bulking up to take on the big IT security vendors by buying
> | Surf Control, the British censorware developer, for £201m ($400m) cash.
> `----
>
> http://www.theregister.co.uk/2007/04/26/websense_buys_surf_control/
>
> SPAM and viruses for the user's enjoyment:
>
> Hackers debut spam and virus sandwich
>
> ,----[ Quote ]
> | Hackers have combined spam and malware together in a single email threat.
> `----
>
> http://www.theregister.co.uk/2007/04/26/spam_malware_convergence/

Hm.  And here I thought they were already doing that sort of thing.

-- 
#191, ewill3@xxxxxxxxxxxxx
/dev/signature: Not a text file

-- 
Posted via a free Usenet account from http://www.teranews.com


[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index