funsec mailing list archives
Re[3]: www.hexblog.com down?
From: Pierre Vandevenne <pierre () datarescue com>
Date: Wed, 4 Jan 2006 01:32:57 +0100
Good Day, I thought I'd raise a few generic points about the whole issue. Funsec probably isn't the place, but what the heck... "sitting duck" mentality: when I first heard of the WMF problem, I looked at it with my IT security background and thought, I, or my company, was vulnerable to it. I looked, as I always do, at all the solutions offered, and conceived cases where they would be inefficient. We're a small company. We're trying to spend wisely. We don't have a team of archi-certified sys-admins. We are running Gentoo linux servers, but, as far as the workstation is concerned, nothing beats Windows yet. Should our customer data be vulnerable to a blissfully unaware accountant surfing the web with a vulnerable system? Or should we disable the functionality we supposedly paid for in order to weather the storm? If Ilfak hadn't worked here, I would have asked the same question to our programmers: can we do something about it? I agree with MS assessment that the current threat level is a bit lower than hyped. But the potential is, without any doubt, there to be exploited. So, if one can, why not act upon the problem? "the net as a service": if the permanently "on" .NET (and others, can you say Google?) point of view wins -- Best regards, Pierre mailto:pierre () datarescue com _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- www.hexblog.com down? Fergie (Jan 03)
- Re: www.hexblog.com down? Valdis . Kletnieks (Jan 03)
- Re: www.hexblog.com down? Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jan 03)
- RE: www.hexblog.com down? Larry Seltzer (Jan 03)
- Re[2]: www.hexblog.com down? Pierre Vandevenne (Jan 03)
- Re: Re[2]: www.hexblog.com down? Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jan 03)
- Re[4]: www.hexblog.com down? Pierre Vandevenne (Jan 03)
- Re: Re[2]: www.hexblog.com down? nodialtone (Jan 03)
- Re[3]: www.hexblog.com down? Pierre Vandevenne (Jan 03)
- Re[4]: www.hexblog.com down? Pierre Vandevenne (Jan 03)
- Re[3]: www.hexblog.com down? Sean Donelan (Jan 04)
- Re[4]: www.hexblog.com down? Pierre Vandevenne (Jan 04)
- Re[4]: www.hexblog.com down? Sean Donelan (Jan 04)
- Re[5]: www.hexblog.com down? Pierre Vandevenne (Jan 04)
- Re[5]: www.hexblog.com down? Sean Donelan (Jan 04)
- Re[6]: www.hexblog.com down? Pierre Vandevenne (Jan 04)
- Re[2]: www.hexblog.com down? Pierre Vandevenne (Jan 03)
- Re: www.hexblog.com down? Valdis . Kletnieks (Jan 03)
- Re: www.hexblog.com down? Gadi Evron (Jan 03)
- Re[2]: www.hexblog.com down? Pierre Vandevenne (Jan 03)