lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
From: SMoyer at rgare.com (Moyer, Shawn)
Subject: Re: MS-02-052 + blackholing MS

Sho nuff, and all those all-Linux, all-BSD, all-Tru64, all-Websphere,
all-IPlanet, and all-Apache shops out there have been nothing but rock-solid
these past few months, lemme tell ya... 

I had the no-MS approach a few years ago, but when the bottom fell out of
the economy, telling people "no speaka NT" in an interview didn't earn me
many points.

While WinDOS is a pain in the butt to lock down, it can be done, whether
with 3rd-party tools or, increasingly, with stuff that actually ships with
it. Actually, in a lot of ways the default installs of Solaris and HP/UX
could be argued as being more trusting than, or at least as trusting as, 2K.
And don't even get me started on Linux. Slack 8.1 still has portmap on by
default. Blarg.

The way I look it, business needs and developers define the environment, and
our Sisyphean task is to keep it up and solid within the constraints we're
provided. Some platforms make it harder than others, but that's why we get
to drive sports cars and wear leather pants to DefCon. 

I'll continue to curse MS daily, but I'll curse FBSD, HP, Cisco, Nortel,
Theo, and whoever else ends up being a thorn in my side just as much.
Dismissing a platform outright is not an option for me, and it's not an
option for most people either. If it is for you, Steve, rock on. Hell, I'd
shut down our I-net pipes if I could do it, and put every one back on
VT220's and go back to one VMS box for the whole company, if I could do it
and if it still served our business needs.

All our Hushmail-ites on this list are probably sitting on 2K / XP or VMWare
boxes themselves; at least I've never been able to get it to work in
Mozilla. So sometimes you gotta dance with the devil, whether you want to or
not... You just make sure and wear a flame-retardant cumberbund and a crash
helmet. :)

Besides, isn't this required reading in Redmond nowadays? --->
http://www.microsoft.com/mspress/books/5612.asp



(Hypocrisy disclaimer: I just gave hellNbak crap for running an Exchange box
on the I-net three days ago. So sue me.)




--shawn


> -----Original Message-----
> From: gobbles@...h.com [mailto:gobbles@...h.com]
> Sent: Friday, 20 September, 2002 11:28 AM
> To: full-disclosure@...ts.netsys.com; steve@...eogroup.com
> Cc: bugtraq@...urityfocus.com
> Subject: Re: [Full-Disclosure] Re: MS-02-052
> 
> 
> 
> >Steve Szmidt
> >V.P. Information Technology
> >Video Group Distributors, Inc.
> 
> How people like this get promoted?
> 
> Gobbles wonder if IT staff point and laugh
> or laugh behind back.
> 
> What make not running M$ secure?
> 
> 
> 
> Get your free encrypted email at https://www.hushmail.com
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ