Subject: Re: [suse-security] Suggestion to the SuSE security people
From: bacano (bacanoesoterica.pt)
Date: Thu Oct 05 2000 - 08:10:58 CDT


Hi2all,

> Personally I do not trust anyone interacting with my hosts, even less if it is
> an internal user. According to my experiences there's a percentage of 10 to 20%
> of security breaches committed by internal or "trusted" users; "the enemy lies
> within"! ;-)

For those who are interested in these kinds of numbers, at least according to
the CSI/FBI Survey on cybercrime, in 2000 respondents to this survey reported:
71% detected unauthorized access by insiders (1997-40%;1998-44%;1999-55%)
79% detected employee abuse of internet access privileges (1997-68%;1998-77%;1999-97%)

According to this survey, the likely sources of attack, regarding insiders,
are close to 85% on average in the last 4 years. So the enemy lies within more
than many people would suppose.

Regarding the several suggestions to the SuSE sec team, I agree that
upgrades/fixes must not be made available in Microsoft style (for that we
already have Microsoft, right? eheheh).

About "I" and "X" flags, if they could be useful to some of us, well, why
not use them ... for those who don't care about that, or for whom it makes no
difference, there is no harm done I suppose (personally I'll ignore those
flags, intruders are intruders wherever they are).

About "auto_whatever", I leave that to my windoze boxes; for linux I want to
know exactly what happened and what is installed/fixed. It is like somebody
said, if something is working ok and new features are just a waste of time,
I hope no "auto" can mess with that. But again, if the "auto" exists, just
let people choose between that and the old-fashioned way, and all get their
wanted solution.

One time somebody here also referred to the gap of info about the need for
rebooting after an upgrade. That can be very useful since there are people
who use this as a server (and reboots can't be done at any time, for example
just at night or at weekends), while others (like me) use suse more as a
workstation, or an off-line server for tests only, so I can reboot any time I
like but others can't.

And at last, don't forget a suggestion I made once ... share with us
some info about security tests that the SuSE sec team makes regarding specific
tools/architectures; it can be useful to several of us, and avoid the need
of getting that info by other means, or wasting time on tests already done
by others, or let us compare those tests with other tests.

Finished the suggestions ... guys, we also must give some congratulations to
the SuSE sec team, since version 7.0 (that FINALLY I got a copy of eheh) has
some improvements (not just fixes and new versions of packages), some very
important to the end user, like the differences that there are now between the
'root' desktop and the 'user' desktop under KDE. Like, after the 1st
installation (without reading anything, like any good end user does eheheh) I
just wondered where the hell some icons had gone? What did I do wrong? Nothing
eheh, it was just that some things are different now =;o)

[ ]'s bacano

p.s. - finally I was able to use yast2 on my laptop without having video
problems ... thanks a lot
p.s.2 - thanks also for including quanta in the distribution, next time don't
forget Morphon editor :P~
