lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <6199A25648C5CF4596C8577AC6D203133519@osiris.wetgoat.net>
From: james at wetgoat.net (James P. Saveker)
Subject: Re: Microsoft Security, baby steps ?[Scanned]

Random Letters said....

<snip>
1. Home users - don't have adequate protection and get turned into zombies. 
They then bombard us. OK - this is dealt with by an externally facing
firewall but see #2 below.

2. Office workers with laptops or VPN connections to the internal LAN - get
'infected' (see #1 above) and then connect to the internal LAN. They then
bombard any newly set-up PC before we get a chance to patch it. BTW you
still have to connect to a network if you have a SUS or SMS server.
</snip>

By saying see #1 above you are comparing a corporate laptop to a home
computer?  Or are you suggesting that sysadmins should allow remote users to
come in from any phone line/IP and or public computer.  The thought of
allowing machines that do not belong to the company on the internal network
does seem like suicide.  

Also SMS(bits update) and SUS are not designed to bring machines up to date
from gold install editions.  That should be done by slipstreaming updates
onto install cd's and preferably in a corporate environment you are not
going to be installing lots of machines from disks so the same principal
should be applied to your RIS server or albeit image multicasting server.

<snip>
The "need to patch before I put it on the network" / "need to put it on the
network to get the patches" IS a real problem for many sysadmins.
</snip>

Why?  They must not be keeping there install images up to date.  "need to
put it on the network to get the patches" ; well that's just not true.

That's my five pence,

James Saveker
www.wetgoat.net 

"The only thing which helps me maintain my slender grip on reality is the
friendship I share with my collection of singing potatoes..."

This e-mail has been virus checked by Sophos Mail Monitor. There are
inherent dangers in the opening any Attachments contained within e-mails.
wetgoat.net cautions you to make sure that you completely understand the
potential risks before opening any of the Attachments. You are solely
responsible for adequate protection and backup of the data and equipment
used in connection with this e-mail service, and wetgoat.net will not be
liable for any damages that you may suffer in connection with using,
modifying or distributing any of the Attachments.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3024 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040318/60528769/smime.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ