  gwion wild colonial boy Premium,ExMod 2001-08 join:2000-12-28 Pittsburgh, PA
reply to Lilla1 Re: [Kerio 2.x] Kerio 2.15 w good rules fails 50%
Damn! Firewalls are FIREWALLS. They should be, anyway. We don't expect our spreadsheet to open DBF files, do we??? WHY do so-called "experts" try and tell us we ought to expect our "packet filter" to block cookies, for Christ's sake? Pile of crap, put bluntly. Windows mentality (make it all simple, all under one roof, no matter HOW much you have to eviscerate it doing so) carried from the sublime to the ridiculous. By the way, not jumping you, guys ... I'm jumping these Boeotian IDIOTS who define a firewall as a "security suite, one shot kills all." They're frankly morons, in my eyes. They comprehend what's going on as well as I comprehend the atomic structure of my coffee. Just pour a cup and enjoy - install this and solve all your security, privacy and erectile dysfunction problems with one simple pill. Bullshit.
And yes, if the shoe fits, for those sites that keep reciting, "we see a cookie, your firewall should stop that" WEAR IT. You're boobs, guys. That's crap, and you're boobs, and what upsets me is you're propagandizing the community to believe (innocently enough) crap purveyed by boobs. A "firewall", at base, is a packet filter. And it's as much characterized by its limitations as by its capabilities. As far as I'm concerned, those sites that create "FUD" over idiotic stuff like cookies and browser headers and such are working against us. NOT with us. They're creating an expectation that's inelegant, interdependent, and highly fallible. And those who demonstrate OS and app flaws that bypass firewalls without offering any real help defeating the problem aren't "on our side;" they're jerks, and they're helping the other side with their "your firewall's worthless" bullshit. And that's exactly and all their case is... BULL... uh, you get it ...
The "win32 mystery package just click here and it does it" metaphor's the most hurtful metaphor ever circulated about computing. If I can't verify what something does and how, I call it etherware, not "phenomenal and revolutionary."
Again, not jumping anyone here... I'm jumping the idiot contingent out there who spread fear, uncertainty and doubt, and offer nothing whatsoever useful thereafter, and try and portray themselves as "contributing" to the security community... they don't contribute, they're the problem. Nothing like perpetuating ignorance to compound any problem.
Welcome to the BBR Kerio/Tiny forum... grab a candle, the good folks here hand around MATCHES later on, so you can light them. We don't give away fish, we teach fishing, here. Wet a line with us... welcome aboard...
I just had to get that off my chest... thanks for listening.
As far as those leak tests, there are no known in the wild exploits based on them (and they've been around at least as long as I've been at BBR), they're totally addressable by sandboxing (e.g.: Tiny, properly configured), and they for the most part demonstrate inexcusable security flaws in Windows, not in our firewalls. Firewalls tend to not address that kind of stuff, because it isn't exactly supposed to be possible in a properly hardened OS... uh... as far as Windows goes, I would STILL like an answer from MS as to why IE can be so easily hijacked by any app that wants it to traverse a firewall so easily??? Anyone at MS want to address this question? I call this "feature" the ultimate in moronical design. But it's still there, has been forever, has no user or admin control whatsoever, and is completely ignored by virtually everyone... It's irresponsible, idiotic and ridiculous, and the only thing MORE irresponsible is the way people gloss it over within the security community; a firewall shouldn't have to stop that sort of thing - it never should happen.
As far as DLL injection and all that, well, that's application layer sandboxing, not network layer firewalling... so the ball's back in the court of those leak testers. If they have the "MaD sKIllZ" to be doing those borderline-cracker leaktests, why don't they "like, contribute something, dudes", and devote as much time PATCHING holes in the hull as they spend POINTING at 'em and demanding someone else fix 'em... Big favor... demonstrate the holes in my OS and firewall. What I want is a FIX, not a demo, though...
... of course, we are sometimes given to believe that smug arrogance is the hallmark of some security type hackers. Guess we couldn't expect any more, then, from these dopes.
Give a man a fish and he eats for a day. Teach fishing and he eats for life.
I call on these so-called "whitehats" to prove their hats aren't really a dull grey, and start teaching some fishing, damnit. Stop telling me why they don't bite on my bait and tell me what you use... or just shut up and sit down; any jackass can kick down a barn; it takes master carpenters to build one.  -- Semper Eadem
Enjoy every sandwich... Warren Zevon