Slaying Unix Vendor Myths

  1. Slaying Unix Vendor Myths
     Mike O'Connor, mjo@dojo.mi.org
     Silicon Graphics, a.k.a. SGI
     Over 20 years causing havoc in the industry
     Top 10 Myths About Unix Vendors and Security
     FIRST

  2. Slaying Unix Vendor Myths
     - MYTH 10 - Vendors NEVER respond when sent a security problem.
       - We do read BugTraq and friends.
       - >50% of what we receive is B.S.
       - SPAM, SPAM, SPAM... and Klez!
     - MYTH 9 - Those vendors take FOREVER to respond.
       - A month is NOT 6 days.
       - We can't retaliate... even to the "respectable members of the security community".
     - MYTH 8 - Vendors do NOT fix things.
       - "I read on ZDNet..."
       - Do you really, really believe everything you read?????????

  3. Slaying Unix Vendor Myths
     - MYTH 7 - If you would only write GOOD software.
       - My girlfriend insists on this question: how many of you have been developers?
       - Export Control
       - Third Party Storage
       - Hardware Bugs, anyone?
     Hardware Bugs
       - Non-Exec Space Stacks in CPU Design
       - FIPS-180 Randomness
       - Statement of Volatility
       - TOE, SSL Acceleration
       - Hardware Engineers (E.E.'s)
     - MYTH 6 - Unix Vendors work with intrusion detection and host hardening vendors.
       - When ISS says something...
       - Scanner reports no problems but...
       - Scanner Vendors and Unix Vendors do NOT talk to one another.

  4. Slaying Unix Vendor Myths
     - MYTH 5 - Vendors are against FULL DISCLOSURE.
       - Full Disclosure is NOT Immediate Disclosure.
       - Graduated Disclosure is BAD.
       - #include <snmp-horror-story.h>
       - Recent RFC not instituted by Microsoft.
       - OIS, the Organization for Internet Safety, and beyond.
     - MYTH 4 - Silence is GOLDEN.
       - 2 Years Ago: Shells and TMP files.
       - Situations that PRESSURE vendors to keep silent even when they do NOT want to...
       - COMPAQ / SnoSoft fiasco (even before the evil DMCA was thrown into the mix).
     - MYTH 3 - When a vendor says "Security" this is "Security" as you or I understand it.
       - C2/B1
       - Common Criteria Evaluation
       - Oracle Unbreakable
       - And when marketing talks: "This stuff sells!"

  5. Slaying Unix Vendor Myths
     - MYTH 2 - Customers are actually explicit in asking for a patch.
       - "I just want a patch/fix DAMMIT!"
       - <irony>No one ever wants exactly what they are running now with just a security fix.</irony>
       - Yes, people have good reason not to want to upgrade...
     What is the Number 1 Myth?
     - MYTH 1 - Customers tell us security is their NUMBER 1 Priority.
       - The Number 1 Priority is: UPTIME
       - And some folks accept rebooting Windows every day.
