lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: bwatson at netTracers.com (Bryan K. Watson)
Subject: [Fwd: Edwards AFB shut down by W32Blaster] (fwd)

> That is a load of B.S. if I ever heard it.

I can attest to the fact that this is indeed.... NOT BS...

True, there are a bunch of MCSE's that are on top of things....however,
there are way too many scam artists with MCSE's who only give a damn about
getting a bigger consulting fee than securing their customer's networks.  I
know this because I am one of us few who go clean up after these losers have
caused network failures, data loss, or intrusions.  I just did a job last
week where an Exchange server was behind a Netscreen...hey, looked like the
site was setup properly by the MCSE/Cisco Certified consultant....but no,
the server was Static Mapped with no access policies applied and was being
pounded with port 1026 pop-up messages which alerted me to the fact that it
was totally open to the net and upon further investigation I found that it
even allowed RW/anonymous access to all server shares.

Oh, and the clincher was that the loser of a consultant was upset that I
changed his customer's network configuration and thinks that it was fine the
way that it was....even after showing him a 40 page Nessus scan report.

THIS IS NOT ATYPICAL in the SMB (Small, Medium Business) arena.  And those
are the zombies and 0wn3d systems that affect the rest of the net.


The statement below that you so vehemently disregarded is more accurate than
you seem to understand because marketing rules, pretty pays, etc.  Microsoft
understands that.  When customers start demanding security over beauty, then
M$ will wi$ely go where the customer is demanding.  That's business.

- Bryan K. Watson
- netTracers.com

>- --- "Microsoft doesn't really care though... after all most half-wit
>MCSE's out there would rather have Windows 2000's mouse have a nicer drop
>shadow to it then being able to figure out which programs are on which
>ports."

>- -Marc - eEye

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ