lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 25 Mar 2008 09:02:59 +0100
From: Vincent Archer <archer@....frmug.org>
To: bugtraq@...urityfocus.com
Subject: Re: hacking the mitsubishi GB-50A

According to James C. Slora Jr.:
> I'll stop worrying about securing Intranet devices and applications, and
> use 192.168.1 addressing as my only security measure from now on.
> 
> </sarcasm>

<nitpick>You forgot the opening sarcasm tag</nitpick> :)

Regarding all those posts about "but it's only an internal access, so
don't worry": Last year, Forrester published a report that estimated
85% of the security problems came... from the inside of the network.

Whether it's a disgruntled person, or simply a tele-operated zombie
PC, your internal network is as much a source of threat as the internet.
There's less threats inside, but, because they ARE inside, they are more
likely to succeed. And saying that 192.168.* is a security measure is
about as accurate as sticking your head in the sand and thinking
no one can see you.

-- 
	Vincent Archer			Email:	archer@....frmug.org

All men are mortal.  Socrates was mortal.  Therefore, all men are Socrates.
							(Woody Allen)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ