lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 22 Sep 2009 22:17:58 -0600
From: Chris <r0ck@...ramail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Dumb question: Is Windows box behind a router
 safe ?

Bullshit.

Screw NAT, screw routers, screw bots.

The *FIRST* thing Steve should be doing is patching his computer.  There is absolutely no freaking excuse for having an unpatched or halfway patched computer running Windows whatever.  Microsoft has made Windows Update idiotproof...to the point where any average desktop user NOT using it is a moron.

To try to compensate for his lazy, half-assed attitude is just putting a band-aid on the Grand Canyon. 

To think that his unpatched and probably already compromised computer is safe just because it sits behind a router, of which he has no idea if it is secured, is the blind leading the blind.

PATCH THAT BOX.  Turn on Automatic Updates, set them to install and reboot automatically, Steve.  You won't have to do anything except keep living in the fantasyland you live in now...but at least your computers won't be spewing out garbage.


> ----- Original Message -----
> From: "Michael Fritscher" <michael@...tscher.net>
> To: full-disclosure@...ts.grok.org.uk
> Subject: Re: [Full-disclosure] Dumb question: Is Windows box behind a router safe ?
> Date: Tue, 22 Sep 2009 20:42:06 +0200 (CEST)
> 
> 
> Hi Steve,
> 
> I hope you haven't caused a storm with aggressive mails here^^
> This maillinglist is more about now detected holes in soft- and hardware...
> 
> First, you certainly mean not a normal router (which is on most cases 100%
> transparent in both directions), but a NAT-router.
> 
> What the NAT blocks (in most cases) are incomings connections - But
> expecially since XP SP2 this is a very seldom used way to attack
> computers.
> Nowadays, most bad software use holes in apps - browser, office, flash and
> so on which use outgoing connections - which are NOT blocked by a
> NAT-router.
> So, yes, a bot connectiong to a botnet could be installed if Firefox or a
> plugin like Flash, Java, Quicktime and so on has a hole and you browse on
> a "bad" site.
> 
> Btw, please read about NAT, routing, current bad software etc in the
> internet - this will help you understanding the concerns.
> 
> Sincerly,
> Michael
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

>







-- 
_______________________________________________
Surf the Web in a faster, safer and easier way:
Download Opera 9 at http://www.opera.com

Powered by Outblaze

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ