Slaying Unix Vendor Myths



SLIDE 1

Slaying Unix Vendor Myths FIRST 1

Slaying Unix Vendor Myths

Mike O’Connor

mjo@dojo.mi.org

Silicon Graphics a.k.a. SGI

Over 20 years causing Havoc in the Industry

Top 10 Myths About Unix Vendors and Security

SLIDE 2


  • MYTH 10 - Vendors NEVER respond when sent a security problem.

We do read BugTraq and friends. >50% of what we receive is B.S.

SPAM, SPAM, SPAM... and Klez!

  • MYTH 9 - Those vendors take FOREVER to respond.

A month is NOT 6 days

We can’t retaliate... even to the “respectable members of the security community”

  • MYTH 8 - Vendors do NOT fix things.

“I read on ZDNet…” Do you really really believe everything you read?????????

SLIDE 3


  • MYTH 7 - If you would only write GOOD software.

My girlfriend insists on this question: How many of you have been developers?

Export Control Third Party Storage

Hardware Bugs, anyone?

Hardware Bugs

Non Exec Space Stacks in CPU Design FIPS-180 Randomness Statement of Volatility TOE, SSL Acceleration Hardware Engineers (E.E.’s)

  • MYTH 6 - Unix Vendors work with intrusion detection and host hardening vendors.

When ISS says something...

Scanner reports no problems but...

Scanner Vendors and Unix Vendors do NOT talk to one another.

SLIDE 4


  • MYTH 5 - Vendors are against FULL DISCLOSURE.

Full Disclosure is NOT Immediate Disclosure.

Graduated Disclosure is BAD #include <snmp-horror-story.h>

Recent RFC not instituted by Microsoft.

OIS, the Organization for Internet Safety and beyond.

  • MYTH 4 - Silence is GOLDEN.

2 Years Ago: Shells and TMP files.

Situations that PRESSURE vendors to keep silent even when they do NOT want to...

COMPAQ / SnoSoft fiasco (even before the evil DMCA was thrown into the mix).

  • MYTH 3 - When a vendor says “Security” this is “Security” as you or I understand it.

C2/B1 Common Criteria Evaluation

Oracle Unbreakable

And when marketing talks: “This stuff sells!”

SLIDE 5


  • MYTH 2 - Customers are actually explicit in asking for a patch.

“I just want a patch/fix DAMMIT!”

<irony>No one ever wants exactly what they are running now with just a security fix.</irony>

Yes, people have good reason not to want to upgrade...

What is the Number 1 Myth?

  • MYTH 1 - Customers tell us security is their NUMBER 1 Priority.

The Number 1 Priority is: UPTIME

And some folks accept rebooting Windows every day.