Open Source and information security mailing list archives
 
From: fulldisc at ultratux.org (Maarten)
Subject: lame bitching about xpsp2

On Saturday 14 August 2004 22:00, Niek Baakman wrote:
> devis said the following on 8/13/2004 8:01 PM GMT+2:

>
> MS web server full of damn holes? What about apache ?
> What do you think would happen if you do not update your apache for a year,
> or openssh, or any piece of software ?
> What do you think would happen if you did not apply those MacOSX updates
> which Apple released over the past few months?
> Don't talk about releaking and only mention Microsoft.
> There are opensource programs which have the same track record.

A)  Apache has a way better track record than IIS.  Jeez, it's not even in the 
same ballpark...
B)  Apache does not run in kernelspace. IIS does. Therefore, an apache exploit 
yields unprivileged user access. IIS on the other hand yields full compromise.

Oh, and as an aside:  patching often is indeed necessary, on all platforms.
But at least MY vendor doesn't take several _months_ to provide such a patch.
Unlike some other vendor we all know.

Maarten

-- 
Yes of course I'm sure it's the red cable. I guarante[^%!/+)F#0c|'NO CARRIER

