Message-ID: <007f01c34caf$e6ef5c20$0100a8c0@p3600>
From: chows at ozemail.com.au (gregh)
Subject: Odd Behavior - Windows Messenger Service

> ----- Original Message ----- 
> From: morning_wood 
> To: Jay Sulzberger ; Neil McKellar 
> Cc: full-disclosure@...ts.netsys.com ; Jay Sulzberger 
> Sent: Friday, July 18, 2003 7:08 AM
> Subject: Re: [Full-Disclosure] Odd Behavior - Windows Messenger Service


> once again Jay, Bravo Bravo Bravo
> damn, you just may be the only one who gets the point of my post
> or do we need to wade through 20 more ppl telling me how to secure a system
> or how services act or initialize.
> ( and at that they have no concept of my particular topology..  and
> furthermore can only see fit to blast away completely missing the target and
> shooting themselves in the foot that's squarely stuck in their mouths..
> hint: take off the white hat so you can see 2 feet beyond your certs and
> books)


Don't forget my post of last week. Microsoft don't quite AGREE that it should or shouldn't happen that the machine has contact with the network before the human is ready to do so but they DID agree to put in an option in the next SP/full Windows, that network connections do NOT happen until logon. In other words, this whole issue may become a moot point when that release happens.

Without assaulting people reading this - or even attempting to do so - with why I think they are wrong when they disagree this is a bad thing, I just have to remind the readers, here, that they restrict access to certain ports for certain users, watch out for trojans and spyware, worry about things such as keyloggers running through their work and home LANs that may be watching the important and necessarily protected data on their LAN clients. Why bother securing ANY data at all when a machine that may already be infected and attempting to mass infect the LAN clients and/or contact the internet before the user can properly use it may be completely stuffing your site and/or reporting sensitive data through the middle of your firewall?

Greg.
