Message-ID: <0H0700MPCYGMNW@smtp1.clear.net.nz>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: lame vx2.dll

Len Rose <len@...sys.com> wrote:

> I'm a unix person. Maybe that means I am somewhat windows-illiterate,
> but I try hard to overcome this. Here is something I discovered about
> my particular workstation.
> 
> http://www.netsys.com/cgi-bin/display_article.cgi?1192

This is why, if you must use Windows, you should only use a 
"securable" version (NT/2K/XP) _and_ then you must lock the config 
down way tighter than the default.

Further, this is why you should not use IE and should disable as many 
of the "whizzy" options in your browser as possible.  Give a neophyte 
user the option to choose between "do it" and "don't do it" and they'll 
always pick the "do it" option.

And, they'll always pick that option even if it is bracketed with a
warning like:

   This will probably introduce viruses, delete all your crucial
   files, sell the soul of your first born to the devil (or Bill Gates 
   -- whichever you find more repulsive), impregnate your grandmother 
   with a goat and steal your credit card details next time you enter 
   them in a web form.

   Continue?        Yes        No


Why do they always click "Yes"?

Because computers are such singularly cr*ppy technology that anyone
who has used one for more than ten minutes "knows" that if you turn
off any "default" option or "prevent it from doing something it 
wants to" the whole thing almost irreparably goes to sh*t.

Your only protection against such typically human failings is to 
prevent typical humans from using your computers (not possible in 
this case) or to prevent as many of those opportunities from being 
able to present themselves to the failure-prone decision makers (so, 
disable as many whizzy browser options as possible, set strict ACLs, 
etc, etc).


Regards,

Nick FitzGerald
