Re: [Full-disclosure] Can ISO15408 evaluated products be trusted?

2005-05-21 Thread Valdis Kletnieks
On Sat, 21 May 2005 06:36:29 PDT, Nora Barrera said: > What's the use of security functions if they can be circumvented? Rule #1 of security: It's never perfect. Rule #2 of security: It's stupid to spend more effort on security than you need to. Rule #3 of security: Good security features raise

Re: [Full-disclosure] RE: Security issue in Microsoft Outlook

2005-05-21 Thread Valdis Kletnieks
On Sat, 21 May 2005 23:03:01 BST, Colin said: > how come the troll threads are always the longest? It's springtime, and the trolls are looking for mates. The troll with the longest is most likely to reproduce. Check the list archives in a few months - if any of the trolls snag a mate, in a few mo

Re: [Full-disclosure] Ports used by trogens

2005-05-21 Thread Who?
Malicious code can be run on any port, and even more malicious code won't run with TCP ports anyways, it will use icmp or some other form of ip protocol to bypass filtering software. Blocking ports does increase the security of a system, but further measures are needed if you wish to have a "secure"

Re: [Full-disclosure] RE: Security issue in Microsoft Outlook

2005-05-21 Thread Colin
how come the troll threads are always the longest? :) C ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Can ISO15408 evaluated products be trusted?

2005-05-21 Thread HHikita
Nora Barrera wrote: > But those reports do not contain any valuable > information for me. What kind of tests were done? How? You should look into sections that cover test activity in the CEM. (5.8, 6.8, 7.9, 8.9) For EAL4 this would be the following. 8.9.2 Evaluation of Coverage (ATE_COV.2) 8.9.3

[Full-disclosure] Ports used by trogens

2005-05-21 Thread Brian Phillips
I read some time ago that malicious code when reporting home did not use port 80 or any of the other well known ports used for simple internet work. This means, as I understand it, that the home computer of the malicious code is constantly listening on some port other than port 80. Is it still

[Full-disclosure] CERT VU#637934

2005-05-21 Thread Daniel Hartmeier
/* * TCP does not adequately validate segments before updating timestamp value * http://www.kb.cert.org/vuls/id/637934 * * RFC-1323 (TCP Extensions for High Performance) * * 4.2.1 defines how the PAWS algorithm should drop packets with invalid * timestamp options: * * R1) If

Re: [Full-disclosure] Can ISO15408 evaluated products be trusted?

2005-05-21 Thread HHikita
Nora Barrera wrote: >I was told that "internal risk" is not taken into >account in Japan. No employee would hack his own >company. > > The traditional employment system in Japan was "Shuushin Koyou". You were basically assured your job until retirement. So before there were any Information tech

[Full-disclosure] [ GLSA 200505-16 ] ImageMagick, GraphicsMagick: Denial of Service vulnerability

2005-05-21 Thread Thierry Carrez
Gentoo Linux Security Advisory GLSA 200505-16 http://security.gentoo.org/

Re: [Full-disclosure] Can ISO15408 evaluated products be trusted?

2005-05-21 Thread Nora Barrera
--- [EMAIL PROTECTED] wrote: > Ask the vendor for a copy of the evaluation report. But those reports do not contain any valuable information for me. What kind of tests were done? How? It looks like security by obscurity. > Note that the EAL and PP interact - a CAPP > (Controlled Access) evaluat

Re: [Full-disclosure] Can ISO15408 evaluated products be trusted?

2005-05-21 Thread Nora Barrera
--- HHikita <[EMAIL PROTECTED]> wrote: > But you need a common vocabulary to describe > security specifications. This vocabulary should be understood by more than 100 people. > How else would you expect to achieve common > recognition between all those countries. :-P Is this even possible, cons

Re: [Full-disclosure] COX Internet Outage

2005-05-21 Thread Ill will
i was down pretty much all day