lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: John.Airey at rnib.org.uk (John.Airey@...b.org.uk)
Subject: Avoiding being a good admin - was DCOM RPC 
	exploit (dcom.c)

> -----Original Message-----
> From: Jason [mailto:security@...enik.com]
> Sent: 29 July 2003 18:15
> To: full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] Avoiding being a good admin - was DCOM
> RPC exploit (dcom.c)
> 
[snip]
> It can be done and it is hard and it cold be expensive but the 
> alternative is more expensive and more difficult.
> 
> 
I have only one thing to say you Jason, and that is "pragmatism". It would
be fantastic to be able to patch every machine on every corporate network.
Unfortunately it isn't feasible for the financial reasons already stated. It
may be a little unfair me criticising your maths (especially when I scraped
through the maths half of my degree), but you should check your figures
before posting to a list like this.

Guarding the borders of your network is where it really matters, just like
any country does with its own borders. Do you have locks on all the internal
doors of your house, or just the external doors? I suspect it's just the
external ones, and possibly one other.

I suggest you read the biblical books of Jonah and Jeremiah and ask yourself
which one would you like to be? Would you prefer to be Jonah, warning of
impending doom and then when people take notice you lose face (it's already
happened to many people with the Y2K bug). Or would you prefer to be
Jeremiah, warning of impending doom and being proved right when no-one takes
notice? Neither are very appealing.

We in IT are forever being like Jonah, warning of doom if we don't do X and
Y, and it doesn't happen because it gets done (eventually). On the occasions
when it isn't done in time, our credibility doesn't go up even if we are
right like Jeremiah. We certainly don't ever want to gloat about it. 

Fortunately I have a thick skin, and my troll detector is on yellow
(elevated) alert.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@...b.org.uk 

The trouble with post-modernism isn't just that no-one actually believes in
it, but no-one can believe in it.

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ