| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: steve at videogroup.com (Steve) Subject: Re: MS-02-052 Hehe, right you are. But we've got more valuable things to do with our time than chasing patches that will never fully come through anyway. You don't have to use MS solutions when other developers are actually delivering better solutions. This way I don't have to sort out MS shit more than neccessary. And it's not like users are actually suffering working with less dangerous tools. Unless you have that budget to try to secure what has up until now never been secure ONCE, for the last couple of years, if ever. Now that time is spent updating better solutions and creating other working solutions which generates income. You may see that as an irrational shut-everything-down approach, which is your prerogative. To be honest the IIS block was in effect when Nimbda, I think, was running amock. As it is we only need access to Fedex. If everyone else were gone it would mean very little. To be specific it's not MY shit to sort out. If I'm dumb enough to use MS then I would HAVE to sort out their shit. Nice stab though... >My, what a rational and professional attitude ;-) >The other alternative is to learn how to lock those boxes down as well > as the others - the OS hardly ever makes a difference, the admin > _always_ does. But it's much easier to point and blame than to sort > your own shit out... > >Cheers. -- Steve Szmidt V.P. Information Technology Video Group Distributors, Inc.
Powered by blists - more mailing lists