List: dailydave
Subject: Re: [Dailydave] So,
From: Joanna Rutkowska <joanna () invisiblethingslab ! com>
Date: 2009-02-14 20:42:01
Message-ID: 49972C99.9070600 () invisiblethingslab ! com
Dave Korn wrote:
> "UAC should only be considered an extra security feature, which will remind
> users that the code they run potentially could harm their systems - it is not
> meant as a guarantee against code's ability to harm a system," Secunia's
> Kristensen added.
> --------------------<snip>--------------------
>
Heh ;) That rings a bell ;)
> That made me snort into my breakfast cereals, I can tell you. Has the
> entire security industry abandoned all hope of using the principle of least
> privilege and limited user accounts, or just him?
It seems so. Why otherwise would everybody be getting so excited about
yet-another-remote-bug-in-IE/Firefox/Safari? Why would the Flash/QT/etc exploits
be worth tens of thousands of $ on the black market?
Least privilege seems to be rocket science for the majority of the population.
Sadly, this seems to include the ITSec community as well.
I wish more people made comments like Dave.
Cheers,
joanna.
"Give less shit about browser bugs -- run them in VMs!" (The 's' is important)