Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] comparing information security to other industries

from [Brian Eaton] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] comparing information security to other industries
Date: Sun, 24 Dec 2006 09:43:01 -0500 
On 12/24/06, Michael Zimmermann <zim@vegaa.de> wrote:

are the computer systems at large nowadays more secure than
- say - ten years ago?


Some systems are.  But not because the software has gotten any better.
 Organizations have gotten better at defense-in-depth.

Consider patch management systems.  A decade ago, most companies
barely had one at all.  Today, companies are evaluating, verifying,
and pushing out patches within days of their release.  More networks
are isolated behind firewalls, and lots of workstations are using
host-based firewalls.  Even the low-end consumers have gotten better
at this: lots more people are using SOHO routers with firewalls
instead of a cable modem with a wide open internet connection.

The attackers have gotten better as well.  But even when the attackers
successfully exploit a new vulnerability, organizations are better
prepared to deal with the consequences.

You might see another codered type vulnerability in IIS, but there is
no way it would do as much damage as the original worm.

Regards,
Brian

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] comparing information security to other industries, Michael Zimmermann
Next by Date:  [Full-disclosure] TimberWolf 1.2.2 vulnerable to XSS, corrado.liotta
Previous by Thread:  Re: [Full-disclosure] comparing information security to other industries, Michael Zimmermann
Next by Thread:  Re: [Full-disclosure] comparing information security to other industries, Michael Zimmermann
Indexes:  [Date] [Thread] [Top] [All Lists]