lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <1060883057.6903.1571.camel@tesuji.nac.uci.edu> From: strombrg at dcs.nac.uci.edu (Dan Stromberg) Subject: "MS Blast" Win2000 Patch Download On Thu, 2003-08-14 at 10:09, Jeffrey A.K. Dick wrote: > Brad Bemis wrote: "Personally I am getting tired of people making these > kinds of comments. ... While it may be true that blocking port 135 at the > firewall would work in an ideal environment" > > Amen ... and ...forget about "ideal environment" ... it won't necessarily be > effective in *any* environment except the > "network-comprised-of-a-single-computer-that-nobody-uses" (tm). These people > clearly haven't heard of notebooks and the concept of people using them > outside the network (say, at home). Microsoft+VPN works fine with these ports firewalled. Nonmicrosoft software is also fine, so your linux box with ximian makes a good desktop that isn't affected, as is a Mac. You have choices. Or, at least, your superiors do, despite many execs liking to pretend there isn't anything in the world but microsoft. > These are the same folks who patted themselves on the back all Monday night > for protecting their networks ... until people started plugging their > notebooks into the network on Tuesday morning ... oops ... Agreed that firewalls are often ineffective, but that doesn't mean they shouldn't be used. I love the descriptiveness of firewalls as "a hard crunchy shell with a soft, chewy center". If you firewall -and- stay up on your patches, then you're using a firewall effectively. But many see a firewall as an excuse for not patching. -- Dan Stromberg DCS/NACS/UCI <strombrg@....nac.uci.edu> -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030814/21e409ea/attachment.bin
Powered by blists - more mailing lists