Open Source and information security mailing list archives
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Re: Microsoft Security, baby steps ?

"Full-Disclosure" <fd@...vers.net> wrote:

> In a corporate environment, you will have SUS or SMS running.
> If so, no need for internet access.

But, need for general network access to get to those machines, thereby 
breaking the "no general network access until secure" rule.  You could 
have a second SUS/SMS setup mirroring the configs off the general 
network ones and only allow that to synch off the general one when the 
test/setup network is not being used for anything else _and_ no 
"unfinished" boxes are attached to the test/setup network.

Also, in other "institutional" environments that are not strictly 
"corporate" that distinction can be _very_ hard to meet for such a 
setup (e.g. universities and the like).

> If you don't have this, just place a firewall on the box, or before the
> box.
> How hard can this be ? You do it the same way, as you would do before
> you
> would patch debian/*bsd/gentoo/etc/etc/etc.

Yeah, yeah.

It's easy to decide the level of exposure _you_ are comfortable with 
and I was not saying that everyone should do it that way, just that that 
was a valid set of restrictions to have to work under.

> There is no real problem here. Don't blame microsoft if you can't come
> up with solutions to simple security "problems".

I was not blaming them for that.  I was blaming them for their own 
failure (much like yours) to think outside their own level and realm of 
experience and/or their failure (much like yours) to acknowledge that 
there could be situations where the solution they were comfortable with 
was not acceptable.

Think outside the box dude -- oh wait, it seems you cannot see it, so I 
guess that is asking too much of you...


Regards,

Nick FitzGerald

