Firewall security: Problems with simple Samba file share 3610

Peter T. Breuer

Ahh, yes. The beginning of ad hominem attacks. I'm "naive" if I don't agree with your argument.

How is it naive to say that an exploit that is discovered at time X may have been known and used by someone else at some previous point? There's nothing "naive" about it - it's simple fact that you cannot know if it is known by someone who chooses not to reveal it. You also completely ignore so-called zero day attacks.

Oh please. Another typical Peter debate topic. Off on an unrelated tangent.

You just ignore reality, don't you? The vulnerability doesn't pop into existence when it is reported - this isn't Schroedinger's cat. Nor does exploiting a vulnerability always give away the method, especially when used against "ordinary" systems. Finally, even if by some miracle the first use was noticed, and perfectly identified as to source, software does not get fixed instantly.

And you are ignoring that your vulnerability can be someone else's exploit. Again, if I steal a dollar from your wallet but you don't notice it, I still have your dollar and you certainly can't prevent me from doing it again because you don't even know it happened!

That's ostrich logic. If you can't see it, it doesn't mean it doesn't exist.

If I steal everything you own but you don't know HOW I stole it, it hardly matters what the odds against it are.

Small comfort to those affected by it. "Oh yeah, I got hacked, but fortunately the patches came out before Peter got hit. Boy, I feel good about that!"

Again, not necessarily true. I can't recall who said this, but some recent security book suggested that the worst attacks are hand-crafted against specific targets and don't necessarily have wide application. They drew a scenario of studying what you are known to be running and looking for specific and unknown weaknesses in that software.

So? If I'm the target, I want all the extra protection I can afford. Deploying iptables costs me an insignificant amount of time, and even a hardware firewall is less than a hours income for me. Small price..

-- Tony Lawrence