From: daniele at muscetta.com (Daniele Muscetta)
Subject: Interesting side effect of the new IE patch

NO FLAME pls. !
The following part of the mail was:

>(Oh yeah and this is not a Microsoft only problem, or why do f.e.
> openssh/openssl allow RSA keys without passphrases?)

Indeed.
But it is the continuous struggle between security and usability....


---


With this I mean I do realize it is not just a Microsoft problem, it is present everywhere.
It is because you try to give functionality, and each feature brings risks.
You have to find a balance among the two.

And how do you find a balance ?
You try. You go a bit one way a bit another, till you find the in-between.

I did not mean to bash.
Just considerations. 

SP4 was not new nor elite, I know, I apologize.

Nite. Peace.

Daniele




InCisT wrote:

> Daniele Muscetta wrote:
> [SNIP]
>
>> They are just RUSHING to close as many bugs as possible.... and as always
>> happens when fixing things afterwards instead of designing them in from the
>> beginning, things either break, or settings that get closed have to be
>> re-opened again.
>> Another issue I personally encountered some days ago was an application
>> which all of a sudden stopped working after having applied SP4 (on a
>> windows 2000 server), because of the NEW user rights they introduced:
>> http://support.microsoft.com/default.aspx?kbid=821546
>
> [SNIP]
>
> Last I heard SP4 was NOT new. And this is typical of all software 
> companies, not just MS. If something needs to be fixed ASAP and you 
> can't figure it out, disable it and work on it (email merge in Open 
> Office, some ACPI functions on 2.4.23, etc.). It's not just MS and I'm 
> not a MS lover by any means, but try and be reasonable and fair 
> instead of just company bashing.
>
> InCisT
>

