Date: Wed Aug 17 20:04:15 2005
From: prb at lava.net (Peter Besenbruch)
Subject: It's not that simple... [Was: Re: Disney Down?]

Fergie (Paul Ferguson) wrote:
> I'll tell you why -- [snip]

> So there you have it -- there's still a LOT of Windows 2000 out 
> there...
> 
> Having said that, you also have to realize that from the time the 
> MS05-039 vulnerability was disclosed (and the exploit code was 
> released the same day), to the time that very large enterprises had 
> to deploy it was very, very short compared to threats of the past.

When reading Seltzer's article, it's easy enough to see the gaping hole
in his logic. He basically argued that XP and 2003 were not going to be
affected (he appears to be changing his mind on this), and that
corporations that used 2000 all used firewalls. Unfortunately, he failed
to see the effect an infected laptop would have, of bringing an infected
machine inside the perimeter.

> -- Micheal Espinola Jr <michealespinola@...il.com> wrote:

> You [Seltzer] also say, "If it had been International Paper or some
> company like that rather than media outlets I suspect it wouldn't be
> getting all this attention". While this is likely true, this
> exemplifies the need to take security matters more seriously.

I question this a little. First, I haven't heard anything about
International Paper, but have heard about SBC, UPS and quite a few 
others. I also suspect many more companies were severely impacted, but 
won't step forward to admit it. The news agencies, to their credit, DID 
admit it and reported it.

> ...I'm not trying to badger you, but in light of the Disney, CNN, ABC, 
> and The New York Times mishaps (amongst others), I must admit that 
> I'm glad I don't follow your column or style of advice.

No kidding. Nor do I like Seltzer's lack of candor after being caught so
far off base. It's a very human reaction, but one which damages his
credibility and sullies the reputation of eWeek.

-- 
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
