|
|
BugTraq
Remote Desktop Command Fixation Attacks Oct 10 2007 11:14AM pdp (architect) (pdp gnucitizen googlemail com) (2 replies) RE: Remote Desktop Command Fixation Attacks Oct 10 2007 10:11PM Thor (Hammer of God) (thor hammerofgod com) (2 replies) Re: Remote Desktop Command Fixation Attacks Oct 11 2007 12:17AM pdp (architect) (pdp gnucitizen googlemail com) (3 replies) RE: Remote Desktop Command Fixation Attacks Oct 12 2007 04:32PM Thor (Hammer of God) (thor hammerofgod com) (1 replies) Re: Remote Desktop Command Fixation Attacks Oct 13 2007 12:51PM pdp (architect) (pdp gnucitizen googlemail com) Re: Remote Desktop Command Fixation Attacks Oct 10 2007 07:38PM Steve Shockley (steve shockley shockley net) (1 replies) Re: Remote Desktop Command Fixation Attacks Oct 11 2007 12:24AM pdp (architect) (pdp gnucitizen googlemail com) |
|
Privacy Statement |
> Thor, with no disrespect but you are wrong. Security in depth does not
> work and I am not planning to support my argument in any way. This is
> just my personal humble opinion. I've seen only failure of the
> principles you mentioned. Security in depth works only in a perfect
> world. The truth is that you cannot implement true security mainly
> because you will hit on the accessibility side. It is all about
> achieving the balance between security and accessibility. Moreover,
> you cannot implement security in depth mainly because you cannot
> predict the future. Therefore, you don't know what kinds of attack
> will surface next.
>
> Security is not a destination, it is a process. Security in depth
> sounds like a destination to me.
Security in depth is neither a destination nor a process. It is a state
of mind. Each part should take care of itself. And it should be as
secure as possible in each step.
Hugo.
--
hvdkooij (at) vanderkooij (dot) org [email concealed] http://hugo.vanderkooij.org/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.
[ reply ]