[TriLUG] NSA hunting and hacking sysadmins

Cristóbal Palmer cristobalpalmer at gmail.com
Fri Mar 21 13:24:03 EDT 2014


On Friday, March 21, 2014 at 12:58 PM, matt at noway2.thruhere.net wrote:  
> how is it that the
> vulnerabilities have not been discovered and addressed?

There are various reasons, but I find obfuscation the most interesting/fun:  


http://ioccc.org/  

Having said that, the most /likely/ reason is that writing bugs (just plain old bugs, not intentional back doors or weaknesses) is far easier than finding/fixing them. The software groups with the lowest defect rate in the world spend an amazing amount of time/money trying to prevent bugs from getting into the code in the first place, and even they can’t keep all bugs out.

Thanks to Mark (and Aaron) for this thread. It’s a reminder to pull out texts like Limoncelli et al. to make sure I haven’t wandered too far from best practices. Possibly we could center a future meeting around best practices for sysadmins to avoid being that weak link?

Cheers,
--  
Cristóbal Palmer
cmpalmer.org




