lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.53.0403190130040.19912@test1900.meganameservers.com>
From: todd at hostopia.com (Todd Burroughs)
Subject: Operating Systems Security, "Microsoft Security,
 baby steps"



On Thu, 18 Mar 2004, Schmehl, Paul L wrote:

> > Updating any OS is a pain in the ass, but all of them have
> > flaws and need to be updated.  I find that at least with the
> > UNIX-like ones, you can go on the Net and do your updates
> > faster than you get rooted.
>
> This is foolish thinking.  Do you really think that, when a patch comes
> out, *then* the hackers start working on exploits?  The exploits were
> being used *long* before the patch comes out.  The only thing a patch
> gets you is protection against *future* hack attempts against *that*
> weakness.

Wasn't that something that MS tried to say, the "hackers" are reverse
engineering our patches?  That was funny, but the sad thing is that a
lot of people will believe it.

What I meant is that you can most likely actually use the Internet to get
patches with a fresh install before you get taken over, not that somehow
UNIX-like systems make patches before the exploits are out there and being
used ;-)  It's quite apparent by other threads on the list that this is
not generally the case with Windows.  Just being patched doesn't mean
that you are safe, but it's better than running well known security holes.

Obviously, if you go on the Net with all services running, especially
on an unpatched box, you're gonna get rooted pretty quickly.

Todd Burroughs


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ