lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <5.0.0.25.2.20040326132711.03c680c0@pop3.direcway.com>
From: madsaxon at direcway.com (madsaxon)
Subject: Re: Microsoft Coding / National Security  Risk

At 01:23 PM 3/26/2004 -0500, joe wrote:

>I would hope the US government isn't using Windows in the way normal home
>users are. And in fact having personally spoken with several folks from the
>US Government and the US Military (US Army specifically which was
>interesting...) in charge of this stuff this week at a conference I can
>actually in fact say that they don't use Windows like normal home users.

A sample size of "several" is hardly adequate for drawing a
conclusion of this magnitude.  The fact is that there are no
universal standards for Windows installations in the US government.
There are mountains of best practices, mandates, regulations,
and policies, but none of these ensure rigid compliance. The
degree to which Windows workstations are "locked down" runs the
full spectrum, right up to 'virtually wide open.'

The US military is considerably more rigorous than the civilian
government in this regard, but even then there are systems which
have slipped through the cracks. Evidence for this is the fact that
Web defacement mirrors still occasionally contain both .gov and
.mil entries.

m5x

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ