Mailinglist Archive: opensuse-security (601 mails)

Re: Secure By Default - PLEASE!
Hi!

On Tue, Aug 22, 2000 at 10:40:32AM +0200, Thomas Biege wrote:
> we don't sell a hyper-secure Linux, we sell a nearly complete and useable
> Linux. we have to go the small path between security and usability, and in
> my opinion we do that very well.
>
> ...
>
> that's ok, because you know what's dangerous, but the inexperienced users
> just see a not working system if we disable all services and remove all
> sbit's.

As Thomas' statement shows, the real problem is that the average user still is
not aware of the security issues. SuSE wants to sell their distribution so they
have to sell what their customers want and that is usability, not security. If
the attitude of the customers will change one day (which might - after all -
happen, as the last months have shown), a "more secure" tradeoff between
security and usability is feasible, but probably not now. In my opinion this is
very very sad but those are the facts. So do not blame SuSE, try to raise security
awareness among the users! (As Thomas said: They cannot ship brain with SuSE.)

But as an aside:

> if users use unencrypted traffic it's their fault.

Yes, Thomas, but you have to admit that they simply do not know what they are
doing. Did you ever try to explain cryptography to a secretary? If you
renamed ssh to telnet, most users would not ever notice, I bet :-) !

> > > Hrhr... 'secure by default' nice buzzwords.

Oh, and by the way, "secure by default" or better "failsafe defaults" is not a
buzzword but one of those very important security principles which have been
ignored for several decades :'-(

Best regards

Johannes Geiger

-----------------------------------------------------------------
Dipl.-Inform. Johannes Geiger geiger@xxxxxxxxxxxxxxxxxxxxxxxxx
Technische Universität München http://wwwspies.in.tum.de/~geiger
Fakultät für Informatik Tel.: 089/289-25723 Fax: -22037
D-80290 München
Raum 3544, Eingang XI (Ecke Luisen-/Theresienstraße), 3. Stock
-----------------------------------------------------------------
