Message-ID: <A4F3081BB4DFA34E9F50DAB5109D78BD01CA236A@ptle2m02.up.corp.upc>
Date: Thu Jul 13 18:14:46 2006
From: ACastigliola at unumprovident.com (Castigliola, Angelo)
Subject: 70 million computers are using Windows 98 right now

>This doesn't mean that W98 is secure. On Secunia's site the latest
>(corrected) vulnerability is dated 20060613, less than 1 month ago, and
>tomorrow someone could find a new one that won't be corrected.

Sure, that could happen but seeing how there are only two known exploits
published in 2006 for Windows 98 I think it is safe to say that the risk
is fairly low. Why should Microsoft spend millions of dollars to operate
a team to update Windows 98 when there was such a low volume of exploits
for Windows 98 with very little details regarding the specifics of the
exploit and no known code has been released to exploit these
vulnerabilities? 

>You don't need 2000 vulnerabilities. It's enough only one exploit to
>create a 70 million PC zombie net.

I'd like to see someone discuss the plan of execution of exactly how a
hacker would go about compromising 70 million Windows 98 computers.
Create a malicious website with Quake cheat codes? My guess is that
whatever number of computers is really running Windows 98; these
computers are underutilized.

>Maybe you are just getting confused. One thing is security and another
>one are the "features". From a *security* point of view, OSS solutions
>like FF or TB, can be more secure than the counterparts IE and OE.
>
>However, AFAIR, browser's *features* are not the main topic of this
>mailing list

I disagree; there is always the middle ground between usability\features
versus risk. Is your computer so secure that it can not perform the
tasks you are looking to complete? My point for this comment is to
express a different solution to surfing the internet as a
non-administrator, significantly lowering risk and still enjoy the
feature rich functionality that IE offers.

>Seems MS partners are recommending using IE, but if you use a lot of XUL
>applications IE is really the worst solution.
 
Whatever tool is best for the job. *cough* .NET *cough*

>But I think this is OT, here, don't you agree?

Indeed.

Angelo Castigliola III
Enterprise Security Architecture
UnumProvident

The posts and threads in this email do not reflect the opinions of nor
are endorsed by UnumProvident, Inc., nor any of its employees.

-----Original Message-----
From: Flavio Visentin [mailto:THe_ZiPMaN@...man.it] 
Sent: Wednesday, July 12, 2006 5:56 PM
To: Castigliola, Angelo; full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] 70 million computers are using Windows 98 right now

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Castigliola, Angelo wrote:
> There are no known remote exploits for the
> Windows 98 operating system.

This doesn't mean that W98 is secure. On Secunia's site the latest
(corrected) vulnerability is dated 20060613, less than 1 month ago, and
tomorrow someone could find a new one that won't be corrected.

> I could not tell you how many exploits are
> out there for Internet Explorer or Outlook\Express that will allow
> someone to compromise Windows 98 but I guess very few.

You don't need 2000 vulnerabilities. It's enough only one exploit to
create a 70 million PC zombie net.

> is a better solution than the open source
> solutions that are notorious for features not working with Microsoft
> rich websites (if the website\application loads at all).

Maybe you are just getting confused. One thing is security and another
one are the "features". From a *security* point of view, OSS solutions
like FF or TB, can be more secure than the counterparts IE and OE.

However, AFAIR, browser's *features* are not the main topic of this
mailing list

> Seems like the
> major computer nerds always recommend firefox for windows however if you
> use a lot of .NET web applications then firefox is a very poor solution.

Seems MS partners are recommending using IE, but if you use a lot of XUL
applications IE is really the worst solution.

But I think this is OT, here, don't you agree?

- --
Flavio Visentin
GPG Key: http://www.zipman.it/gpgkey.asc

There are only 10 types of people in this world:
those who understand binary, and those who don't.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEtW/9usUmHkh1cnoRAo3UAJ9qOSp1a9LLUI51pHCqjVUigm8LTwCfXcl9
dbphXjK5pTzE/dWftOkVFyY=
=LmIq
-----END PGP SIGNATURE-----

