[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    RE: [NTSEC] ActiveX, MSIE and Quicken
From:       Todd Graham Lewis <lists () reflections ! mindspring ! com>
Date:       1997-01-31 9:42:57
[Download RAW message or body]

On Fri, 31 Jan 1997, Russ wrote:

> So yes, plug it up today, that's what I recommend anyway, but What we
> really need are new/improved desktop security products, not more filters
> for Firewalls.

Not to be contentious or anything, but what we _need_ are designers who
put different technologies on different port numbers rather than cramming
everything under the sun down port 80.

I'm increasingly coming to question whether or not firewalls are even
viable in these web-only times of ours.  The power to enforce
administrative decisions wrt which data to allow and which to deny is
disappearing beneath us, and with it our ability to protect our users from
malicious attack.

Incredible though it might sound, I am not trying to pick on ActiveX.
Java is just as bad, and JavaScript seems to be the up and comer among the
web offenders.  Still, though, if someone can perform Quicken transactions
on my CEO's PC by luring him into a web page, my attitude towards the
technology and the practices which made that possible are going to be
negative and hostile.  I hope the shiny/happy people out there can
understand why it makes us dull/grumpy people swear and drink a lot.

Geez, at age 21 I really am too young to get an ulcer.

__
Todd Graham Lewis          Mindspring Enterprises      tlewis@mindspring.com

[prev in list] [next in list] [prev in thread] [next in thread]