Message-ID: <20030930070101.GR1748@suespammers.org>
From: rodrigob at suespammers.org (Rodrigo Barbosa)
Subject: [inbox] Re: CyberInsecurity: The cost of Monopoly

On Mon, Sep 29, 2003 at 11:51:03PM -0500, Paul Schmehl wrote:
> >As some may recall, my original statement was an answer to someone that
> >was pointing out that Unix is more secure than Windows (I agree up to this
> >point), and gave an example telling that there are still several codered
> >vulnerable machines around. This is the point I was commenting about. And
> >you do have to agree that if a machine, today, is still vulnerable to
> >Codered, it is mostly due to a fault of the administrator.
> >
> I'm going to pick one small nit with you.  There is another possible guilty 
> party.  In some cases, at least in edu and medical centers (that's what I'm 
> familiar with) the *vendor* is at fault.  Some vendors will not certify 
> their scientific instruments with the latest Service Packs and patches, 
> leaving the admins no other choice but to find some other way to protect 
> the machine.  (Hell, we sometimes have trouble getting vendors of 
> *security* devices to support their products with the latest SPs and 
> patches.  (Which is another reason that I dislike putting security-related 
> software on Windows boxes, but sometimes you simply have no choice.)

I stand corrected.

I kind of remember something about a friend of mine (Win admin) installing
NT SP2 and it breaking MS-SQL server.

And yes, you are correct about vendors too.

So, simply put, we are doomed :)

- When the software gets a bugfix released, you can't install it because
of the vendor
- When you can install it regardless of the vendor, the net admin forgets
to install it
- When the net admin remembers to install it, the users mess up
- When the users don't mess up, the cleaning lady pulls the plug

Talk about trustworthy computing :)

[]s

-- 
Rodrigo Barbosa <rodrigob@...spammers.org>
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
