Wednesday, August 12, 2009

Sayings that drive me crazy

Ok, nothing to do with OS Fingerprinting, but I've seen this comment twice this week and it drives me nuts:

"Either way, ESX is just software and can suffer from
vulnerabilities just like any other piece of software."

Yes, 100% true, the above was when I asked if VM Escape had actually been shown in ESX, not just workstation/server. Earlier this week, someone else said the same thing on a different security list in regards to trunked VLANs into an ESX box and that trusting VMware to do it in ESX was crazy and you should use a real Firewall because "ESX is just software... and has vulns in it".

What do these security people think runs firewalls? Lets see, Cisco device runs IOS, IOS is software! Better yet, Network Engineers put rules in FWs, NEs get lazy sometimes and put bad rules in them.

Give me a break, YES ESX is software, YES software has vulns in it, but everything we do on these lovely pieces of hardware we are sitting at requires software to run. Even to boot them up there is software. What do you think the BIOS is!

Ok enough ranting, but next time you hear someone say "It is just software, so it has vulns in it" smack them upside the head for me!

No comments: