lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: niekbaakman at home.nl (Niek Baakman)
Subject: lame bitching about xpsp2

devis said the following on 8/13/2004 8:01 PM GMT+2:

> I am getting nimda probes because nimda from a start was made possible 
> by MS designing a web server full of damn holes ( read not tested, 
> deadlines, time is money ). Do not blame the people not patching their 
> boxes, as it is the problem today, but not the problem that caused it. 
> That is what i am talking about short term memory. Track problem at 
> their source instead of fixing now whats leaking., and will releak soon 
> another way. Aren't we likely to see a new worm attacking MS systems in 
> the next future ? Of course we will. Time to stop pretending computing 
> is easy just to sell their damn sofware, and educate people about 
> computer security, which is the reverse of what they have been doing, 
> for all these years. Applauding the change of direction ? I don't cause 
> it is higly hypocrit, otherwise the new pop up blocker of Internet 
> Explorer will block ALL popups.

MS web server full of damn holes? What about apache ?
What do you think would happen if you do not update your apache for a year,
or openssh, or any piece of software ?
What do you think would happen if you did not apply those MaxOSX updates
which Apple released over the past few months?
Don't talk about releaking and only mention Microsoft.
There are opensource programs which have the same track record.

All comes down to staying up-to-date, and patch.

 > Beside, the unix based permissions system has proven far superior, ask

I'd say NTFS is pretty advanced too. In some ways it is better.

 > apple. Still shameful that the default XP install, in 2004, at these
 > malware times, still logs you as an administrator . Would you feel safe
 > using ur *nix box as root everyday ? I wouldn't.

XP install asks for an administrator password, *and* to add one, or more normal 
users. I see the same behavior in some Linux distributions. (e.g. slackware does 
not ask you to create a user account during install).

Kind regards,

Niek Baakman

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ