[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.53.0304291105220.7887@shishi.roaringpenguin.com>
Date: Tue, 29 Apr 2003 11:07:48 -0400 (EDT)
From: "David F. Skoll" <dfs@...ringpenguin.com>
To: Jason Coombs <jasonc@...ence.org>
Subject: RE: Windows Server 2003 Security Guide available
On Fri, 25 Apr 2003, Jason Coombs wrote:
> For all the progress Microsoft has made lately in understanding
> security, it's the simple things that most of us take for granted as
> obvious that still get overlooked for some reason.
> Microsoft does not distribute these guides using SSL, so the distribution is
> vulnerable to MITM attacks.
Indeed.
> Anyone interested in downloading these guides must be aware that
> they are distributed by Microsoft in the form of self-extracting
> .exe's bearing digital signatures embedded in the Portable
> Executable file's header section.
Just out of curiosity (I have no Windows systems, but anyway...) I
downloaded the .exe and was able to unpack it under Linux using
"unzip". So if you want to examine this file more-or-less securely,
open it on a UNIX or Linux box instead of Windows.
What I found interesting is that some of the documentation is in
Microsoft Word or MS Excel format. This implies that to take full
advantage of the information, you need to own an MS Office license.
Is this another example of abuse of monopoly? For that matter, are .doc
or .xls documents necessarily safer than .exe's? You decide...
--
David.
Powered by blists - more mailing lists