|
These are my opinions only and not necessarily those of my employer... Let me reiterate one more time. I think this is an important issue that people should be aware of and trying to make them aware of it is a worthy goal. What I disagree with is the venue chosen (bugtraq) and the wording of the post. Bugtaq was not appropriate because the people that happen to follow it closely assume that anything posted pertains to vulnerabilities inherent to OSes and packaged software. Then to exacerbate the inappropriateness of the venue, it identifies the wrong components as the culprit. Putting this on bugtraq is a bit like putting up posters in McDonald's saying that Big Macs cause heart attacks. It implies only Big Macs (which IS inaccurate) and doesn't really provide any useful information that people can use to make rationale decisions about their behavior. In my opinion, the problem is not FTP or IFS or OS400. The problem is that in today's environments you cannot properly secure your systems without an exclusionary access control model. Exit points are not an alternative to access control. They augment access control in some useful ways, but they are not a substitute for it. Pat Botz
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
