Interview with Marcus Ranum

Interview with Marcus Ranum
Federico Biancuzzi, 2005-06-21

Expand all | Post comment

Good! 2005-06-21
Anonymous

Interview with Marcus Ranum 2005-06-21
Steve Lodin

Interview with Marcus Ranum 2005-06-22
Anonymous (1 replies)

Re: Interview with Marcus Ranum 2005-06-22
Marcus Ranum

If the CTOs of 10 FORTUNE 500 firms .... 2005-06-22
Andrew Yeomans

Interview with Marcus Ranum 2005-06-22
some guy in Central PA (1 replies)

Re: Interview with Marcus Ranum 2005-06-22
Marcus Ranum (1 replies)

Re: Re: Interview with Marcus Ranum 2005-06-24
Anonymous

Interview with Marcus Ranum 2005-06-22
Anonymous

Interview with Marcus Ranum 2005-06-22
MST

Interview with Marcus Ranum 2005-06-22
Anonymous (1 replies)

Re: Interview with Marcus Ranum 2005-06-22
Marcus Ranum (2 replies)

Re: Re: Interview with Marcus Ranum 2005-06-22
Anonymous (1 replies)

Re: Re: Re: Interview with Marcus Ranum 2005-06-23
Marcus Ranum (1 replies)

Re: Re: Re: Re: Interview with Marcus Ranum 2005-06-26
whitehat

Re: Re: Interview with Marcus Ranum 2005-06-22
Anonymous

Blame 2005-06-22
Anonymous (1 replies)

Re: Blame 2005-06-22
Marcus Ranum

Interview with Marcus Ranum 2005-06-22
Anonymous

What a genius! 2005-06-22
Pete (4 replies)

Re: What a genius! 2005-06-22
Anonymous (1 replies)

Re: Re: What a genius! 2005-06-27
Anonymous

Re: What a genius! 2005-06-22
Marcus Ranum

Re: What a genius! 2005-06-23
Anonymous

Re: What a genius! 2005-06-23
Anonymous

Interview with Marcus Ranum 2005-06-22
B Maurice

Interview with Marcus Ranum 2005-06-22
John

Interview with Marcus Ranum 2005-06-22
Anonymous (1 replies)

Re: Interview with Marcus Ranum 2005-06-22
Marcus Ranum

Interview with Marcus Ranum 2005-06-22
Anonymous

Marcus, most companies have more than 150 nodes. 2005-06-22
Anonymous

Interview with Marcus Ranum 2005-06-22
Anonymous

Interview with Marcus Ranum 2005-06-22
Anonymous

Interview with Marcus Ranum 2005-06-22
Tails (2 replies)

Re: Interview with Marcus Ranum 2005-06-22
Anonymous

Re: Interview with Marcus Ranum 2005-06-22
Marcus Ranum (7 replies)

Re: Re: Interview with Marcus Ranum 2005-06-23
Anonymous

Re: Re: Interview with Marcus Ranum 2005-06-23
Anonymous

Re: Re: Interview with Marcus Ranum 2005-06-23
Kevin Fink

Re: Re: Interview with Marcus Ranum 2005-06-23
Anonymous (1 replies)

Re: Re: Re: Interview with Marcus Ranum 2006-07-14
Anonymous

Re: Re: Interview with Marcus Ranum 2005-06-25
rabidpacketmonkey

Re: Re: Interview with Marcus Ranum 2005-06-28
Norman Yarvin

Re: Re: Interview with Marcus Ranum 2005-06-29
Tails

Interview with Marcus Ranum 2005-06-22
trip (1 replies)

Re: Interview with Marcus Ranum 2005-06-23
Marcus Ranum

Good Article 2005-06-22
JC

What A Total Jackass 2005-06-22
Anonymous (1 replies)

Re: What A Total Jackass 2005-06-23
Marcus Ranum (1 replies)

Re: Re: What A Total Jackass 2005-06-29
Anonymous

Marcus Ranum blaming hackers???? 2005-06-22
pw (2 replies)

Re: Marcus Ranum blaming hackers???? 2005-06-23
Marcus Ranum

no, blame the victims 2005-06-24
Anonymous

SE/Linux 2005-06-22
Luke Kenneth Casson Leighton (1 replies)

Re: SE/Linux 2005-06-29
Anonymous

Interview with Marcus Ranum 2005-06-23
Rastor5

Interview with Marcus Ranum 2005-06-23
Anonymous

distribution of responsability is well put 2005-06-23
Martin-Éric Racine

Interview with Marcus Ranum 2005-06-23
Anonymous

Blame the Hackers? 2005-06-23
Bob (1 replies)

Re: Blame the Hackers? 2005-06-29
Marcus Ranum

Interview with Marcus Ranum 2005-06-23
JSF

Interview with Marcus Ranum 2005-06-24
Phil Agcaoili

his comments about the RFC process 2005-06-24
Reinier Post

Interview with Marcus Ranum 2005-06-24
Anonymous (2 replies)

Re: Interview with Marcus Ranum 2005-06-27
M. Andrew Molitor

Re: Interview with Marcus Ranum 2005-06-28
Anonymous (1 replies)

Re: Re: Interview with Marcus Ranum 2005-06-29
Anonymous

Time will tell about "De-Perimeterisation" 2005-06-27
Andreas

Interview with Marcus Ranum 2005-06-27
Anonymous (1 replies)

Re: Interview with Marcus Ranum 2005-07-11
Anonymous

80% spyware & 15% keyloggers? 2005-06-28
Anonymous

Interview with Marcus Ranum 2005-06-28
Anonymous (1 replies)

Re: Interview with Marcus Ranum 2005-06-29
Marcus Ranum

Interview with Marcus Ranum 2005-06-29
David

Agressive network configuration 2005-07-05
Stephen T

Interview with Marcus Ranum 2005-07-06
Anonymous

Think about it... 2005-07-16
Johann van Duyn

Interview with Marcus Ranum 2007-07-11
John Cowan

In the large companies I've worked for, "only allow the good" is indeed taken to heart. The trouble is that the best and safest definition of "the good" for security personnel is "nothing at all". There is no protocol that is *provably* not usable by a cracker (people have tunneled Telnet over DNS, for example), and security people are not rewarded for stopping threats, they are only punished (often by being sacked) for failing to stop them.

As a result, the only portals that are opened (and there are a lot of them) are those that the suits with enough clout care enough about to get the definition of "the good" changed. These suits know nothing and care less about security, so we get the current mess, when useful technologies aren't available inside "the firewall" but fashionable ones are.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/334/34619#34619

Interview with Marcus Ranum 2007-11-27
Anonymous

Privacy Statement
Copyright 2010, SecurityFocus