Open Source and information security mailing list archives
 
Message-ID: <68E252B4-D0BF-11D8-A8E7-000A958871B8@oav.net>
From: kiwi at oav.net (Xavier Beaudouin)
Subject: shell:windows command question

>> This is not a real security matter
>
> Denial of Service causing the user to reset his system is not a
> security issue?

I don't think that Denial of Service causing a local user to reset his 
system because a local application locks the whole system... is not a 
security problem, but an OS + Security problem...

If the M$ Operating System cannot deal with an application that 
locks... then the problem is not only in the application but also in 
the whole system.

But this DoS is a bit less big than a remote DoS... that can compromise 
lots of OS...

BTW I really think that M$ is irresponsible with XP SP1 / SP2 about the 
fact the OS cannot be upgraded and fix the numerous holes that such an OS 
gets all the time.

I am ok with the fact that people *should* buy the OS they use 
(especially if it is a commercial OS), but M$ should take the 
responsibility for all the DDoS that is coming from its broken operating 
system that cannot be secured.

This is really a problem for lots of ISPs that have an "end users" target 
and that get lots of infected systems online on xDSL...

Even if M$ makes a patch for <any> hole, it will not be available 
nor automatically applied on all "copied" systems...

Really we should do that on all our firewalls, until MS takes its 
responsibilities:

            block in proto tcp from any os Doors
            block in proto tcp from any os "Doors PT"
            block in proto tcp from any os "Doors PT SP3"

Replace "Doors" by what you know...

My 0,02€
/Xavier

--
Xavier Beaudouin - Unix System Administrator & Projects Leader.
President of Kazar Organization : http://www.kazar.net/
Please visit http://caudium.net/, home of Caudium & Camas projects

