lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu Aug 18 16:06:57 2005
From: pwicks at oxygen.com (James Patterson Wicks)
Subject: Re: It's not that simple...

I would not necessarily say "stupid-admin prone."  My experience shows
that these admins are more lazy/apathetic than stupid.  As you said,
there are a lot of tools and information out there for people who care
to secure their systems properly.  As demonstrated by the problems in
Disney and CNN, some businesses do not put an emphasis on properly
patching and maintaining their Windows until a problem appears.
Stupidity in II administration is not limited to administrators of
Windows systems.

-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Micheal
Espinola Jr
Sent: Thursday, August 18, 2005 10:51 AM
To: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Re: It's not that simple...

Exactly.  Because MS is such a stupid-admin prone OS, MS needs to work
harder at making tools like the recent SCW (Security Configuration
Wizard) available to all their OS's - not just the newer ones.

Even though checklists and security docs these days are numerous for
the basics - people aren't looking into them or following them because
of all the manual steps involved.  Things like the SCW need to be
embedded in the OS to make it as idiot proof as possible to apply a
secure configuration.

I think we'll all agree that lots of idiots maintain Microsoft OS's. 
It isn't necessarily MS's fault - but it is a culture that they
cultivated, so they definitely hold some accountability.


On 8/18/05, Valdis.Kletnieks@...edu <Valdis.Kletnieks@...edu> wrote:
> On Thu, 18 Aug 2005 10:28:04 EDT, Paul Melson said:
> 
> > Very little pity for those who haven't hardened servers and
workstation
> > images this late in the game.
> 
> The problem is that there's literally a half billion workstation
images out
> there, run by people who think "harden" is what pr0n does do them....
> 
> Remember - *most* machines are run by Joe Sixpacks, not trained
sysadmins.
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 
> 
> 


-- 
ME2  <http://www.santeriasys.net/>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


This e-mail is the property of Oxygen Media, LLC.  It is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential, or otherwise protected from disclosure. Distribution or copying of this e-mail or the information contained herein by anyone other than the intended recipient is prohibited. If you have received this e-mail in error, please immediately notify us by sending an e-mail to postmaster@...gen.com and destroy all electronic and paper copies of this e-mail.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ