| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200403171800.i2HI0WNQ010566@turing-police.cc.vt.edu> From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu) Subject: Re: Microsoft Security, baby steps ? On Wed, 17 Mar 2004 16:19:36 GMT, Jos Osborne <Jos@...temi.co.uk> said: > >It doesn't address the issue. The requirement is that some MS customers need > >to patch without putting the machine on the internet. For whatever reasons. > > > >Is that such an unreasonable request? > > > >Geo. > Sorry to sound incredibly dense, but if the machine in question is never > being connected to a network does it really need securing/patching? Yes, it does. Unless you have physical security in place to guarantee that *all* access is from trusted users, you need to patch the box. 1) It may be going on a *corporate* network that doesn't have direct *internet* connectivity. 2) Such things as standalone multiuser machines *do* exist - they need to be secured as well. Similarly for standalone boxes in non-secured locations - consider the case of a PC-based cash register in a store... -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040317/c3ca4517/attachment.bin
Powered by blists - more mailing lists