lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1060883057.6903.1571.camel@tesuji.nac.uci.edu>
From: strombrg at dcs.nac.uci.edu (Dan Stromberg)
Subject: "MS Blast" Win2000 Patch Download

On Thu, 2003-08-14 at 10:09, Jeffrey A.K. Dick wrote:
> Brad Bemis wrote: "Personally I am getting tired of people making these
> kinds of comments.  ... While it may be true that blocking port 135 at the
> firewall would work in an ideal environment"
> 
> Amen ... and ...forget about "ideal environment" ... it won't necessarily be
> effective in *any* environment except the
> "network-comprised-of-a-single-computer-that-nobody-uses" (tm). These people
> clearly haven't heard of notebooks and the concept of people using them
> outside the network (say, at home).

Microsoft+VPN works fine with these ports firewalled.  Nonmicrosoft
software is also fine, so your linux box with ximian makes a good
desktop that isn't affected, as is a Mac.  You have choices.  Or, at
least, your superiors do, despite many execs liking to pretend there
isn't anything in the world but microsoft.

> These are the same folks who patted themselves on the back all Monday night
> for protecting their networks ... until people started plugging their
> notebooks into the network on Tuesday morning ... oops ...

Agreed that firewalls are often ineffective, but that doesn't mean they
shouldn't be used.  I love the descriptiveness of firewalls as "a hard
crunchy shell with a soft, chewy center".  If you firewall -and- stay up
on your patches, then you're using a firewall effectively.  But many see
a firewall as an excuse for not patching.

-- 
Dan Stromberg DCS/NACS/UCI <strombrg@....nac.uci.edu>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030814/21e409ea/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ