lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200209201259.47723.steve@videogroup.com>
From: steve at videogroup.com (Steve)
Subject: Re: MS-02-052

Hehe, right you are. 

But we've got more valuable things to do with our time than chasing 
patches that will never fully come through anyway.

You don't have to use MS solutions when other developers are actually  
delivering better solutions. This way I don't have to sort out MS shit 
more than neccessary. And it's not like users are actually suffering 
working with less dangerous tools.

Unless you have that budget to try to secure what has up until now never 
been secure ONCE, for the last couple of years, if ever. Now that time 
is spent updating better solutions and creating other working solutions 
which generates income. You may see that as an irrational 
shut-everything-down approach, which is your prerogative. 

To be honest the IIS block was in effect when Nimbda, I think, was 
running amock. As it is we only need access to Fedex. If everyone else 
were gone it would mean very little.

To be specific it's not MY shit to sort out. If I'm dumb enough to use 
MS then I would HAVE to sort out their shit. Nice stab though...

>My, what a rational and professional attitude ;-)
>The other alternative is to learn how to lock those boxes down as well
> as the others - the OS hardly ever makes a difference, the admin
> _always_ does. But it's much easier to point and blame than to sort
> your own shit out...
>
>Cheers.

-- 
 
Steve Szmidt
V.P. Information Technology
Video Group Distributors, Inc.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ