From: scheidell at secnap.net (Michael Scheidell)
Subject: Lets discuss, Firewalls...

> Admin password is blank.
> > All IPC$ shares are there.
> I can surf the web from the box so it is fine.

security industry has a saying: crunchy on the outside, chewy on the
inside.

EASY to get inside your computer with your help.
Once done, you are 0wn8d.

you can hit a malicious web site and automatically start running ActiveX
controls.

you can receive a 'day0' virus that runs on your computer.

you can get a call from the FBI (like 19 others did last week, and 318 did
on September 13th, 2001) saying that they suspect that either you are a
hacker or terrorist, or your computer has been taken over by a hacker or
terrorist

you can have all your data wiped out, owned, cookies taken (where pin
numbers, passwords and bank accounts might be)

you can have spyware loaded that will keep track of all of your
keystrokes, including pin numbers, passwords and bank accounts.

you can get your isp to cut you off due to activity that you didn't even
see happening.

> If you serve NO applications from the inside of your network (no publicly
> accessible web server, email server, ftp server etc...), and you have a NAT
> router so your addressing on the inside or your home or business is private
> (i.e. 192.168.0.x, 10.10.10.x, 172.16.1.x)

those 20 systems that were to SERVE UP the sobig.F upgrade were running on
programs, no servers (except that which the hacker put on)
> 
> Do you still need a firewall? Why?

you need more than a firewall.

says top 7 mistakes users make, #4 (I think) is:
Relying primarily on a firewall.

You need to practice 'save hex' in all that that means.

-- 
Michael Scheidell, CEO
SECNAP Network Security, LLC 
Sales: 866-SECNAPNET / (1-866-732-6276)
Main: 561-368-9561 / www.secnap.net
Looking for a career in Internet security?
http://www.secnap.net/employment/

