From: svgn at orbid.be (Serge van Ginderachter (svgn))
Subject: Learn from history?

I work in SME environments. Those guys don't have the resources and money,
nor the knowledge to begin to understand.
It's also about practical stuff.

> 1. Keep informed.

Sure. I'll inform all my 300 customers MS released a bug today, and I'll drop
by to all of them to patch tomorrow.

> 2. Install patches as soon as possible

That would involve running Windows Automated Update every night
automagically...

> 2. If a patch cannot be installed, find workarounds

That does not work with the workarounds customers need to facilitate life
(security <> ease of use, remember)

> 3. If it is a port-related threat, find out if such ports are 
> in use, and if 
> not, make sure they are closed. (Of course there would 

Once the virus is on the LAN it can do whatever it wants.

> Some of the comments overheard this week regarding Sasser:

I got a nice one today, when trying to explain why opening OWA directly is
not a nice idea:
"I have a natting router which acts like a firewall and I have anti-virus
software, so what's the problem?"
I did propose some firewall, but they feel it's too much EUREUREUREUR
 
> Will they learn from history? Only history will tell.

I'm pretty sure they won't. Even most tech guys don't have a clue.




	Serge
 

