lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: geoincidents at getinfo.org (Geoincidents)
Subject: Gates: 'You don't need perfect code' for good security

> But IMHO, that *is* the point.  If it's on the Internet, it's exposed .
> . . And if a stored procedure is exposed, then the whole system is
> exposed . . .

Nonsense, you read to many MS papers <g>. Lots of ISP's run SQL servers on
the internet for radius authentication, where the database and stored
procedures are not exposed. Just because MS describes something you don't
consider safe, you are assuming there isn't a safe way to do it?

If what you say is true, then all the MS databases where they store
registration information, windows update information, activation
information, they must all be exposed so how about posting exploits for them
so we can get MS to secure our data? Or are those on the net yet not
exposed?

Geo.


Powered by blists - more mailing lists