Full Disclosure mailing list archives

Re: MS-02-052 + blackholing MS


From: SMoyer () rgare com (Moyer, Shawn)
Date: Fri, 20 Sep 2002 18:43:53 -0500

Sho nuff, and all those all-Linux, all-BSD, all-Tru64, all-Websphere,
all-IPlanet, and all-Apache shops out there have been nothing but rock-solid
these past few months, lemme tell ya... 

I had the no-MS approach a few years ago, but when the bottom fell out of
the economy, telling people "no speaka NT" in an interview didn't earn me
many points.

While WinDOS is a pain in the butt to lock down, it can be done, whether
with 3rd-party tools or, increasingly, with stuff that actually ships with
it. Actually, in a lot of ways the default installs of Solaris and HP/UX
could be argued as being more trusting than, or at least as trusting as, 2K.
And don't even get me started on Linux. Slack 8.1 still has portmap on by
default. Blarg.

The way I look at it, business needs and developers define the environment, and
our Sisyphean task is to keep it up and solid within the constraints we're
provided. Some platforms make it harder than others, but that's why we get
to drive sports cars and wear leather pants to DefCon. 

I'll continue to curse MS daily, but I'll curse FBSD, HP, Cisco, Nortel,
Theo, and whoever else ends up being a thorn in my side just as much.
Dismissing a platform outright is not an option for me, and it's not an
option for most people either. If it is for you, Steve, rock on. Hell, I'd
shut down our I-net pipes if I could do it, and put everyone back on
VT220's and go back to one VMS box for the whole company, if I could do it
and if it still served our business needs.

All our Hushmail-ites on this list are probably sitting on 2K / XP or VMWare
boxes themselves; at least I've never been able to get it to work in
Mozilla. So sometimes you gotta dance with the devil, whether you want to or
not... You just make sure and wear a flame-retardant cummerbund and a crash
helmet. :)

Besides, isn't this required reading in Redmond nowadays? --->
http://www.microsoft.com/mspress/books/5612.asp



(Hypocrisy disclaimer: I just gave hellNbak crap for running an Exchange box
on the I-net three days ago. So sue me.)




--shawn


-----Original Message-----
From: gobbles () hush com [mailto:gobbles () hush com]
Sent: Friday, 20 September, 2002 11:28 AM
To: full-disclosure () lists netsys com; steve () videogroup com
Cc: bugtraq () securityfocus com
Subject: Re: [Full-disclosure] Re: MS-02-052



Steve Szmidt
V.P. Information Technology
Video Group Distributors, Inc.

How people like this get promoted?

Gobbles wonder if IT staff point and laugh
or laugh behind back.

What make not running M$ secure?


