Re: Ten least secure programs

["Vic Parat (NSS)" <vic.parat () nssecurity com>]

I would definitely question some of your choices (is Apache more secure than
IIS?) but I think top honors for "the ten least secure computer items" is an
under qualified system administrator.  This also makes this "top ten" list
kind of pointless and highly subjective because proper configuration is
everything in security and a properly configured IIS box is by far more
secure then an improperly configured Apache box.  Same goes for Sendmail or
Exchange or Notes or....
Also, how did  you come up with the list?  You say "worst offenders", what
are your facts?  I think your question should be more in line with "what's
everybody's least liked computer item in terms of security" than the least
secure.  I don't think anybody (outside of the government) has a truly
objective, well researched list to answer your question as it currently
stands.

Vic Parat, Sr. Security Architect
Network Systems Security, LLC
www.nssecurity.com


----- Original Message ----- 
From: "Chris Berry" <compjma () hotmail com>
To: <oclug () oclug org>; <windows2000 () freelists org>;
<security-basics () securityfocus com>
Sent: Saturday, June 28, 2003 3:08 PM
Subject: Ten least secure programs


> I'm putting together a list of what seem to be the ten least secure
computer
> items in use today with the idea of having a set of things to recommend
> AGAINST people using, probably to be posted on the IT room door with a
note
> like "NO, you cannot use the following!!".  Here is what I have so far,
I'm
> looking for additions and comments.  The list is in order from with the
> worst offender being number one.  These should be products whose inheirent
> design is flawed, not that are just difficult to secure.  I expect
vigorous
> discussion. *putting on flame retardent garments*  Oh, and leave Operating
> systems out of this one.
>
> 1) Microsoft Outlook
> 2) Telnet
> 3) Sendmail
> 4) IIS Server
> 5) Wireless networking
> 6) PHP
> 7) ?
> 8) ?
> 9) ?
> 10) ?
>
> Chris Berry
> compjma () hotmail com
> Systems Administrator
> JM Associates
>
> "Within every man beats a heart of darkness." --The Shadow
>
> _________________________________________________________________
> Help STOP SPAM with the new MSN 8 and get 2 months FREE*
> http://join.msn.com/?page=features/junkmail
>
>
> --------------------------------------------------------------------------
-
> Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
> The Gartner Group just put Neoteris in the top of its Magic Quadrant,
> while InStat has confirmed Neoteris as the leader in marketshare.
>
> Find out why, and see how you can get plug-n-play secure remote access in
> about an hour, with no client, server changes, or ongoing maintenance.
>
> Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
> --------------------------------------------------------------------------
--


---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------