Open Source and information security mailing list archives
 
Date: Tue, 29 Apr 2003 11:07:48 -0400 (EDT)
From: "David F. Skoll" <dfs@...ringpenguin.com>
To: Jason Coombs <jasonc@...ence.org>
Subject: RE: Windows Server 2003 Security Guide available


On Fri, 25 Apr 2003, Jason Coombs wrote:

> For all the progress Microsoft has made lately in understanding
> security, it's the simple things that most of us take for granted as
> obvious that still get overlooked for some reason.

> Microsoft does not distribute these guides using SSL, so the distribution is
> vulnerable to MITM attacks.

Indeed.

> Anyone interested in downloading these guides must be aware that
> they are distributed by Microsoft in the form of self-extracting
> .exe's bearing digital signatures embedded in the Portable
> Executable file's header section.

Just out of curiosity (I have no Windows systems, but anyway...) I
downloaded the .exe and was able to unpack it under Linux using
"unzip".  So if you want to examine this file more-or-less securely,
open it on a UNIX or Linux box instead of Windows.

What I found interesting is that some of the documentation is in
Microsoft Word or MS Excel format.  This implies that to take full
advantage of the information, you need to own an MS Office license.
Is this another example of abuse of monopoly?  For that matter, are .doc
or .xls documents necessarily safer than .exe's?  You decide...

--
David.
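
[Added example, not part of the original message.] The reply above unpacks the self-extracting .exe with "unzip" instead of running it; the sketch below does the same kind of inspection in Python, listing the embedded ZIP's members without extracting or executing anything. The sample archive, its file names and the extension lists are constructed for illustration.

```python
import io
import zipfile

# Assumed extension lists for illustration; adjust to local policy.
MACRO_CAPABLE = (".doc", ".xls")   # the formats the message asks about
EXECUTABLE = (".exe", ".dll", ".scr", ".bat", ".cmd", ".vbs")


def build_sample_sfx():
    """Constructed sample: placeholder stub bytes followed by a ZIP archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("guide/Security_Guide.doc", b"constructed placeholder")
        z.writestr("guide/Settings.xls", b"constructed placeholder")
        z.writestr("guide/readme.txt", b"constructed placeholder")
        z.writestr("../outside.txt", b"constructed placeholder")
    stub = b"MZ" + b"\x00" * 510   # stands in for the extractor stub; never run
    return stub + buf.getvalue()


def inspect_sfx(data):
    """Return (name, size, flags) per member, reading only the ZIP directory."""
    report = []
    # zipfile locates the archive from its end-of-central-directory record,
    # so the executable stub in front of it is skipped, not interpreted.
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for info in z.infolist():
            name = info.filename
            parts = name.replace("\\", "/").split("/")
            flags = []
            if name.startswith("/") or ".." in parts:
                flags.append("path-traversal")   # would escape the target dir
            if name.lower().endswith(MACRO_CAPABLE):
                flags.append("macro-capable")    # open with macros disabled
            if name.lower().endswith(EXECUTABLE):
                flags.append("executable")
            report.append((name, info.file_size, flags))
    return report


if __name__ == "__main__":
    for name, size, flags in inspect_sfx(build_sample_sfx()):
        print(f"{size:>8}  {name}  {','.join(flags) or '-'}")
```

Listing the members this way says nothing about the digital signature embedded in the PE file; that has to be checked separately.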

