Message-Id: <200202080041.g180f7N14418@red.all.net>
To: staysafeonline@uschamber.com, iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL3]
From: Fred Cohen <fc@all.net>
Date: Thu, 7 Feb 2002 16:41:07 -0800 (PST)
Subject: [iwar] I just visited your site and found many serious problems that I think you should address
Reply-To: iwar@yahoogroups.com

Problem 1 - you require javascript be enabled in my browser in order to use your site properly.
This causes me to have to make my browser LESS safe in order to use your site. No security site should use Javascript because it induces users to put their browsers in an unsafe operating mode.

Problem 2 - Your security test fails the laugh test. You are not asking questions that apply to all users, and your answers assume many things that are not true of my situation.

Example: 10. Look at the security setting on your Internet browser software. Is it set to: High, Medium, Low...

Answer - none of the above. My browser doesn't have these settings. You don't provide the proper default.

Example: Extra credit: The backups are safely stored more than 50 miles away from the computer the files are from.

Problem: I presume you assert that the answer should be YES - but this is foolishness for the vast majority of computer users. It is valid against nuclear war perhaps, but not for the average user.

Example: 7. Passwords should be as hard to guess as possible. They should have numbers, upper case letters, and lower case letters, all mixed in. Do you use passwords with: <set of options>

Problem: If I tell you the answer I am revealing something about my password to you - which is not a very good idea if I am going to stay safe. How about an option like:

	- Telling others characteristics of my password would be unsafe.

All other answers are wrong.

I could go on, but I think you should consult with at least one real expert on security before you push these foolish things on the unsuspecting public.

FC
--This communication is confidential to the parties it is intended to serve--
Fred Cohen		Fred Cohen & Associates.........tel/fax:925-454-0171
fc@all.net		The University of New Haven.....http://www.unhca.com/
http://all.net/		Sandia National Laboratories....tel:925-294-2087
This archive was generated by hypermail 2.1.2 : 2002-12-31 02:15:03 PST