lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <3fa898104070915181fea9ffb@mail.gmail.com>
From: system.outage at gmail.com (System Outage)
Subject: Microsoft laxed security is threat to internet

We spend our times discussing the flaws in developers coding and
saying "a s cript kiddie  can do this" how can we stop script kiddies
from doing X.

Let's look at script kiddies. Where do you think they get information
from to be script kiddies? I'll tell you where. From lists like this.
Yes, this list is pro-active in the discussion of preventing attacks
on various network, systems, and softwares by script kiddies.

How much of a percentage of discussion and disclosure on this list is
actually counter acting script kiddie hood and how much is actually
aiding them to carry out further malicious activities across the
internet on a global scale?

Yes, you can use this list to make vendors aware of a security
situation. Although how many users are updating straight away and how
many users are unaware of a flaw.

I think security lists are geared up more at the vendor patching X,
than making the consumer aware of a security flaw and asking them to
update.

Microsoft Windows. How many consumers know of flaws and the need to
update as-it-happens. How many consumers read online articles from,
for example Cnet News? Hardly any.

Leaving the script kiddies to a hackfest of compromising home and
small business network's and computer's for months, going undetected.
Corporate network's and computer's obviously don't apply, because they
are watching list's like FD like a hawk. Though for the average
consumer. It is likely your computer will be taken over and zombified
by scripts run by script kiddies.

FD is only informing corporations and not the average user. Even
corporations and developers cannot alert the -majority- of average
users to a security flaw, which need's an urgent patch implemented.

Most average users will still be vulnerable to flaws FD was disclosing
more than a year ago.

F**k Microsoft.

They (Microsoft) need to start using "Auto Updating" home and small
business network's, and it doesn't matter about the critics who say
it's a breach of privacy and you have no right modifying a users
computer. At the end of the day, we are talking about the spawning of
very large bot net's owned by script kiddies, who can easily take down
internet back bones and take out key infrastructure, which the very
existence of the internet depends on.

FD or BUGTRAQ can't save us now. Only Microsoft can. Implement Auto
updating software for security patches without delay.

I don't have much faith in Service Pack 2 (The overhaul of Mircosoft code).

All of these Microsoft exploits will be the death of the internet one
day, when script kiddies decide to execute the mother of all denial of
service attacks against the internet. Trust me, bot net's big enough
are paused and waiting for such a day.

Microsoft will have big legal costs if it can be proven a Microsoft
flaw was the main vulnerability used.


Cheerio


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ