lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: purdy at tecman.com (Curt Purdy)
Subject: [inbox] Knocking Microsoft

James Saveker wrote:

<snip>
> Microsoft has in there defence started the trustworthy 
> computing scheme,
> which many would not hesitate to laugh at.  However windows 
> server 2003 does
> not by default load unnecessary services.  

So MS is doing what UNIX did from the start 20 years ago.  As for
"trustworthy computing", their first product, 2K3 server is just as
vulnerable to the two worst vulnerabilies in history, the RPC Dcom and ASN.1
vulns.

<snip>
> The code they produce is far more stringently tested in 
> regard to security
> than perhaps it was before.

Their registry based spagheti code still contains core code from the early
NT days. Even if the new code they write now is more secure, it's like
building a brick wall on quicksand.  The only solution is a complete
re-write from ground up and I don't believe even MS has the resources for
that now.  That is the reason I don't allow any XP on my networks and am
slowly replacing as many of my W2K desktops with SuSe Linux as I can.  My
servers are already majority UNIX and Netware.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked. 
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke
-------------- next part --------------
A non-text attachment was scrubbed...
Name: winmail.dat
Type: application/ms-tnef
Size: 2496 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040227/a612a54d/winmail.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ