lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Pine.NEB.4.55.0307191314330.24479@panix2.panix.com>
From: jays at panix.com (Jay Sulzberger)
Subject: Fw: Re: Odd Behavior - Windows Messenger
 Service 


On Sat, 19 Jul 2003 Valdis.Kletnieks@...edu wrote:

> On Sat, 19 Jul 2003 11:21:57 EDT, Michael Gale <michael@...esuperman.com>  said:
>
> > Sure it would be great is Microsoft released secured versions of Windows but
> > then average users like my parents and sales people would require a greater
> > understanding of computers and security in order to use them because they would
> > find all these features they so love to be disabled or blocked.
>
> Many people in the security field think forcing people to have enough of a clue
> to find things to enable them would be a Good Thing.
>
> How much random scanning on port 135 would there be if Windows simply
> prohibited wide-open sharing of C$ and anonymous enumeration of accounts?
> Yes, people would then have to *think* about who they really wanted to share
> their data with - which is more work than Redmond has traditionally wanted
> users to do.
>
> However, I am of the opinion that the Redmond model is a false time-saver,
> because it trades the "5 minutes to figure out how to share only the folder you
> want with only the other machines you want" with the "days lost when you get
> hacked by something via a wide-open share".

This is the paradigm case of "first, even most blunt, cost benefit estimate".

oo--JS.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ