> Hi,
> [...]

I skip this, as I've not been to an SA conference, so I can't judge...

> Why do we trust our vendors when they say that their systems are
> secure? What are the checks that we perform before we bring a system onto
> the network? Do we perform them at all or do we just blindly assume that
> if there is no patch out there, there is no problem? Is it that we do not
> want to bother with it or is it that we do not know where to look?
> I would appreciate your comments...

I think true professionals do not trust marketing bells. Depending on the machine one wants to hook on the Net, there exists a wide range of FAQs, HOWTOs, admin lists which can help to make a system `adequately' (i.e. for the casual cracker) secure. One is able to assume that one is secure from previous bugs; bugs will always come in the future. S/W complexity increases bugginess (don't remember where I've read it).

I think we all know where to look, from newbies (like me) to the highly experienced. Those who seek, discover (and the crackers too ;-).

--
giorgos adamopoulos (el90118@central.ntua.gr)
``We who are not as others'' -- Sepultura.