Toby DiPasquale on Mon, 18 Mar 2002 00:10:13 +0100



Re: [PLUG] Software security


I agree. Smaller companies seem to have a lesser amount of policy on
security than larger companies that may be financially liable for quite a
large amount of money in the event of a computer break-in or data
corruption. I have worked for only smaller companies and have noticed that
none of their security policies satisfied my desires for comprehensive
security. When I worked with Windows, I was regularly logging in as
Administrator, because that is the only way to develop applications with
Microsoft software. That included hitting the Web as Admin and doing all
sorts of extra insecure stuff as Admin. I never have to do that stuff as
root on *n*x, since everything but <1024 ports are accessible from my
regular userid.

<< T o b i a s   D i P a s q u a l e >>
anany@ece.villanova.edu | tdipas01@villanova.edu | toby@khenry.com

"Bill Gates comes to visit SoftImage and during an employee Q/A someone asks 
'Since the Internet is all about free software, how come Microsoft is still 
charging for it?'"
 -- Adam Barr, 
    __Proudly Serving My Corporate Masters__

On Sun, 17 Mar 2002, mike.h wrote:

> I've worked for very large (100K +  employees) companies with very good
> security policies. In a small office where I recently did some work, users
> used their 2 letter initials as passwords. My sister works for a small
> company where every user logs in as ADMIN! The security policies of the
> establishment would seem at least as important as the features of the OS;
> maybe more.
> 
> Meanwhile, I get several alerts every month about security flaws discovered
> in common *nix programs. I'm not an expert in creating secure software, but
> I would like to learn. I would be very interested in a discussion about how
> to create programs that are free from buffer overflow problems and other
> security weaknesses. Are there standard tools used to test software for
> these types of problems? Are there standard techniques used to address them?
> 
> If anyone here has experience/expertise in this, I would greatly appreciate
> your thoughts on how to improve my own software.
> 
> TIA,
> -mike.h
> 
> 
> 
> ______________________________________________________________________
> Philadelphia Linux Users Group       -      http://www.phillylinux.org
> Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
> General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug
> 

