[iwar] I just visited your site and found many serious problems that I think you should address

From: Fred Cohen (fc@all.net)
Date: 2002-02-07 16:41:07


To: staysafeonline@uschamber.com, iwar@onelist.com (Information Warfare Mailing List)

Problem 1 - you require javascript be enabled in my browser in order to
use your site properly.

	This causes me to have to make my browser LESS safe in order to use your site.

		No security site should use Javascript because it induces users to put
		their browsers in an unsafe operating mode.

Problem 2 - Your security test fails the laugh test.  You are not asking
questions that apply to all users, and your answers assume many things
that are not true of my situation.

	Example: 10.  Look at the security setting on your Internet
	browser software.  Is it set to:
		High, Medium, Low...

	Answer - none of the above.  My browser doesn't have these settings.
	You don't provide the proper default.

	Example: Extra credit: The backups are safely stored more than 50 miles away
	from the computer the files are from.

	Problem: I presume you assert that the answer should be YES - but this is
	foolishness for the vast majority of computer users.  It is valid
	against nuclear war perhaps, but not for the average user.

	Example: 7. Passwords should be as hard to guess as possible. They should
	have numbers, upper case letters, and lower case letters, all mixed in.
	Do you use passwords with: <set of options>

	Problem: If I tell you the answer I am revealing something about my
		password to you - which is not a very good idea if I am going to
		stay safe.  How about an option like:
			- Telling others characteristics of my password would be unsafe.
		All other answers are wrong.

I could go on, but I think you should consult with at least one real
expert on security before you push these foolish things on the
unsuspecting public.

FC
--This communication is confidential to the parties it is intended to serve--
Fred Cohen		Fred Cohen & Associates.........tel/fax:925-454-0171
fc@all.net		The University of New Haven.....http://www.unhca.com/
http://all.net/		Sandia National Laboratories....tel:925-294-2087






This archive was generated by hypermail 2.1.2 : 2002-12-31 02:15:03 PST