Open Source and information security mailing list archives
 
From: vogt at hansenet.com (vogt@...senet.com)
Subject: AW: Re: MS-02-052 + blackholing MS

> I had the no-MS approach a few years ago, but when the bottom 
> fell out of the economy, telling people "no speaka NT" in an interview 
> didn't earn me many points.

Maybe you went to the wrong interviews? My own "security OR windos, choose
one" approach actually helped me secure the current job.


> While WinDOS is a pain in the butt to lock down, it can be 
> done, whether with 3rd-party tools or, increasingly, with stuff that 
> actually ships with it.

Absolutely. The main problem with windos seems to be that M$ is selling
people on the idea that you can be an NT admin in 2 weeks, and can run a
server without actually knowing what you're doing.
The few NT admins I met who knew their stuff were good, and I'm fairly sure
their systems were as stable and secure as the average Unix system out
there, maybe even more so. The problem is the million MSCEs who're driving
20-ton-trucks on the Information Superhighway and barely know what all the
funny pedals and switches are for.


> Dismissing a platform outright is not an option for me, and 
> it's not an option for most people either.

It should be, though. Unless you have one of the rare QUALIFIED windos
admins in your company, you shouldn't believe the hype and not think your
PFY can run the server farm.


