lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200308150825.09002.dlhane@sbcglobal.net>
From: dlhane at sbcglobal.net (David Hane)
Subject: MS should point windowsupdate.com to 127.0.0.1

I just finally started reading this thread. I wish I had read it earlier but 
all the noise around this place has been driving me crazy.

Anyway, I have 2 such machines on my network. My solution has been to yank the 
ethernet cable . I know, minus points, but there are other ways to get 
information to/from the machine. In cases where it is only feasible to use 
the network I have trained the users to plug it in only for the duration of 
the network session. Believe it ro not this has been working great ever since 
my intern updated the machines and they were down for 3 days. Now the users 
know what it's like to not have them working and they're very helpful.

Actually this brings up an interesting idea. Has anyone ever actually "broke" 
a machine on purpose as a way to show the users how good they have it and how 
much trouble it would be for them if they don't cooperate with network 
policies? Sure it's not ethical but it could be quite effective?




On Thursday 14 August 2003 22:18, Schmehl, Paul L wrote:
> You're not allowed to participate.  Only the geniuses that think they
> have it figured out already. :-)
>
> Paul Schmehl (pauls@...allas.edu)
> Adjunct Information Security Officer
> The University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu/~pauls/
>
> > -----Original Message-----
> > From: Blue Boar [mailto:BlueBoar@...evco.com]
> > Sent: Friday, August 15, 2003 12:15 AM
> > To: Schmehl, Paul L
> > Cc: Jeroen Massar; Tobias Oetiker; full-disclosure@...ts.netsys.com
> > Subject: Re: [Full-Disclosure] MS should point
> > windowsupdate.com to 127.0.0.1
> >
> > Schmehl, Paul L wrote:
> > > I just curious how you geniuses would solve this problem.
> >
> > You have a
> >
> > > multi-six figure scientific instrument, which is only
> >
> > manufactured by
> >
> > > one vendor in the entire world.  Your research department
> >
> > depends upon
> >
> > > that instrument to do research for which they are being funded
> > > handsomely by grants and expected to produce results.
> > >
> > > There's only one problem.  The instrument requires that you run
> > > Windows 2000 Server with IIS, and the vendor requires that you not
> > > apply *any* patches post SP2.  The government certifies the
> >
> > equipment
> >
> > > at a certain patch level, and if the equipment is patched then the
> > > certification no longer applies, the research is no longer
> >
> > funded and
> >
> > > you are now staring a six figure boat anchor.
> >
> > <snip>
> >
> > > 2) Minus points if you say "Don't allow access to the Internet.  It
> > > *requires* access to the Internet.  (IOW, it has to be able
> >
> > to connect
> >
> > > to "live" IP address ranges, not private IPs.)
> >
> > What *kind* of Internet access?  Any reason I can't put a
> > firewall or proxy
> > of some sort between it and the Internet?  Maybe an IDS
> > running as a router?
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ