Subject: comparing information security to other industries - msg#00076
List: security.websecurity
So we have been dealing with information security for the last 20 years and
still the world at large is lost. We still see banks vulnerable to trivial XSS
attacks and software broken by buffer overflows. How do we compare to other
industries like construction, engineering, finance? What I am trying to figure
out is how mature we are and how long will it take to get stable?
Previous Message by Date:
IE7 Phishing Filter Tells Microsoft The URLS You Visit?
According to SPI Labs IE7 sends personal information on urls that you request
to Microsoft.
Link: http://portal.spidynamics.com/blogs/spilabs/
- Robert
http://www.cgisecurity.com/ Web Application Security news and more
http://www.cgisecurity.com/index.rss [RSS Feed]
----------------------------------------------------------------------------
The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Next Message by Date:
RE: comparing information security to other industries
That’s a tough question to address.
I don’t think the security industry will achieve perfection any more than
the other industries you listed.
Like the other disciplines, research continues, but so does the evolution of
threats. Construction and engineering are plagued with their own set of
challenges that must be overcome.
Buildings can be engineered and constructed with a high degree of confidence,
but a good, strong storm or earthquake can still bring them down. Security is
the same in that sense.
We can evolve our knowledge and implementations, but a good, strong storm (or
careless error) can bring it all down :)
My 0.02
Will
From: KT [mailto:ktriv3di@xxxxxxx]
Sent: Tuesday, December 19, 2006 2:16 PM
To: full-disclosure@xxxxxxxxxxxxxxxxx; websecurity@xxxxxxxxxxxxx
Subject: [WEB SECURITY] comparing information security to other industries
So we have been dealing with information security for the last 20 years and
still the world at large is lost. We still see banks vulnerable to trivial XSS
attacks and software broken by buffer overflows. How do we compare to other
industries like construction, engineering, finance? What I am trying to figure
out is how mature we are and how long will it take to get stable?
Confidentiality Notice: This message is for the sole use of the intended recipient(s).
It may contain confidential or proprietary information and may be subject to the
attorney-client privilege or other confidentiality protections. If this message was
misdirected, neither FNC Holding Company, Inc. nor any of its subsidiaries waive any
confidentiality, privilege, or trade secrets. If you are not a designated recipient,
you may not review, print, copy, retransmit, disseminate, or otherwise use this message.
If you have received this message in error, please notify the sender by reply e-mail
and delete this message.