Message-ID: <9B66BBD37D5DD411B8CE00508B69700F05ADE1D8@pborolocal.rnib.org.uk>
From: John.Airey at rnib.org.uk (John.Airey@...b.org.uk)
Subject: Microsoft laxed security is threat to internet

> -----Original Message-----
> From: System Outage [mailto:system.outage@...il.com]
> Sent: Friday, 09 July 2004 23:19
> To: full-disclosure@...ts.netsys.com
> Subject: [Full-Disclosure] Microsoft laxed security is threat to
> internet
> 
> 
> [snip]
> They (Microsoft) need to start using "Auto Updating" home and small
> business networks, and it doesn't matter about the critics who say
> it's a breach of privacy and you have no right modifying a user's
> computer. At the end of the day, we are talking about the spawning of
> very large botnets owned by script kiddies, who can easily take down
> internet backbones and take out key infrastructure, which the very
> existence of the internet depends on.

So you are asking that Microsoft can automatically break software on users'
computers? Sounds like the cure is worse than the disease.

> 
> FD or BUGTRAQ can't save us now. Only Microsoft can. Implement Auto
> updating software for security patches without delay.
> 
There's only one saviour as far as I'm concerned, and it isn't Microsoft.

> I don't have much faith in Service Pack 2 (The overhaul of 
> Microsoft code).

Doesn't this contradict your earlier statement about letting Microsoft
auto-update? Unless you are doubting whether users will install it. For
users on modem links an automatic update to SP2 is out of the question.
> 
> All of these Microsoft exploits will be the death of the internet one
> day, when script kiddies decide to execute the mother of all denial of
> service attacks against the internet. Trust me, botnets big enough
> are paused and waiting for such a day.
> 
Death of the Internet - Movie at 11. 

We've already seen some massive attacks on the Internet (in fact 9/11 was
probably one of the biggest in terms of the backbone traffic generated) but
it's still up. Remember the original purpose was a network with no central
command (not even in Redmond, WA). It may not be perfect in that regard, but
it's still very robust. In fact, a backhoe can probably do more damage to
the Internet than Microsoft's software.

> Microsoft will have big legal costs if it can be proven a Microsoft
> flaw was the main vulnerability used.

Doubtful. They already disclaim responsibility for Windows anyway. Anyone
who trusts critical infrastructure to it needs to be sacked. How ironic it
is though that many cash machines in the UK are Windows terminals.

If it were so easy to fix these problems then most of us who are employed
and reading this list would be out of work. It isn't easy, and almost every
day is a game of techie Russian roulette which does wonders for my prayer
life.

-- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@...b.org.uk 

I don't know which is worse. The makers of soap operas thinking they portray
real life or those that watch them thinking it is real life!
