.:: Bots United ::. - View Single Post

Onno Kreuzinger · **Re: Google gets nuts -** 09-02-2004

Hi,
sercirity is not done in soft or hardware (which is just unflexible software). security is a question of concept, they simply don't want to make it the save way.
i worked for some sw companies, they all got pissed when i told them that buying some hardware would just make other people rich, but instead they would have to stop doing silly stuff: M$ internet software [allow me to i'm in within 14 days]; unrestricted phone access (every laptop has a modem); fully filtered and analysed http proxy only suitable for google (http tunnels are avail under GPL), a dictionary and other non-script inforation pages; no storage outside the personal liable IT admin's controll (no cdr/floppy, no lap top's); all remote work done using terminal services;...

and at position 50+ you will find things like better use DES3 instead of DES, since hacking DES is far more trouble some that building a trojan with a win32 kit, make it encrypted and compressed. put up a website some developer will have intresst in (does he like ducati, moutainbiking ar aleik); lead him there with spam or postings on his favourite board and GOTTCHA

i think you now can imagine how easy it is to do bad things, and having a second firewall is useless, it won't filter http on per request base, and wont stop your employees to fall in love with cheap social engeneering i can buy for less than a security concept...

cheers

	(#7)
Onno Kreuzinger aka: memed / Server Admin Status: Offline Posts: 705 Join Date: Jan 2004 Location: germany	Re: Google gets nuts - 09-02-2004 Hi, sercirity is not done in soft or hardware (which is just unflexible software). security is a question of concept, they simply don't want to make it the save way. i worked for some sw companies, they all got pissed when i told them that buying some hardware would just make other people rich, but instead they would have to stop doing silly stuff: M$ internet software [allow me to i'm in within 14 days]; unrestricted phone access (every laptop has a modem); fully filtered and analysed http proxy only suitable for google (http tunnels are avail under GPL), a dictionary and other non-script inforation pages; no storage outside the personal liable IT admin's controll (no cdr/floppy, no lap top's); all remote work done using terminal services;... and at position 50+ you will find things like better use DES3 instead of DES, since hacking DES is far more trouble some that building a trojan with a win32 kit, make it encrypted and compressed. put up a website some developer will have intresst in (does he like ducati, moutainbiking ar aleik); lead him there with spam or postings on his favourite board and GOTTCHA i think you now can imagine how easy it is to do bad things, and having a second firewall is useless, it won't filter http on per request base, and wont stop your employees to fall in love with cheap social engeneering i can buy for less than a security concept... cheers