lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: core at bokeoa.com (Charles 'core' Stevenson)
Subject: security through obsolescence??!@?!

kevin,

word man... rexd to the rescue? hehe... my god I know a couple of 
sysadmins who have the same philosophy. but it's pointless. it's like 
removing read priveleges from vulnerable suids! some of us have over a 
gigabyte of security related exploits, scanners, sniffers, backdoors 
etc.. Dating back to the 80's. ;)

peace,
core

KF wrote:
> This has to be one of the stupidest comments I have ever heard! Do you 
> honestly think that there are not people with REAL skill out there... 
> not just simple skript kiddies. I certainly hope that you wouldn't try 
> to "secure" your network with an old redhat 4.2 box,  Xenix or an old NT 
> 3.51 server. Installing old software is NOT an effective means of 
> warding off attackers... infact you may attract a more "old school" with 
> "0-day" from back in their day. There has to be numerious issues in 
> those old OS's that people have not told the vendors ... there were 
> never any public patches made ... etc. Don't kid yourselves... and if 
> you REALLY think this works... be so kind as to give us the IP addresses 
> for these legacy machines.
> -KF
> 
> 
>>> Posted: 06/06/2002 at 12:10 GMT
>>>   [724.gif] Here's an interesting way to secure an Internet-connected
>>>   computer against intruders: Make sure the operating system and
>>>   software it runs are so old that current hacking tools won't work on
>>>   it. This was suggested by Brian Aker, one of the programmers who works
>>>   on Linux.com, NewsForge, Slashdot, and other OSDN sites; he runs
>>>   several servers of his own that host a number of small non-profit
>>>   sites in the Seattle area. "I have one box still running a version of
>>>   Solaris that's so old none of the script kiddies can figure it out,"
>>>   Brian says. "They tend to focus on the latest and greatest, and don't
>>>   have the slightest idea how to handle my old Sun box."
>>>
>>
>>
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Full-Disclosure@...ts.netsys.com
> http://lists.netsys.com/mailman/listinfo/full-disclosure
> 
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ