nanog mailing list archives
Re: WashingtonPost computer security stories
From: "Stephen J. Wilcox" <steve () telecomplete co uk>
Date: Tue, 17 Aug 2004 10:46:27 +0100 (BST)
On Sun, 15 Aug 2004, Mikael Abrahamsson wrote:
As far as I know, there is no remotely exploitable hole in windows that doesn't have a patch for it, nothing majorly in the wild anyway. I run my fully patched XP laptop without firewall directly connected to the internet all the time and the above you mention doesn't happen to me.
i'm sure there are plenty, and not just in windows. just because you dont know about them or theres nothing published doesnt mean it doesnt exist. the hole used by sapphire didnt 'exist' until sapphire infected all the open windows boxes within a couple hours even with your firewall you're not safe, stuff can get through if you either allow it with a listening port (eg webserver) or by malicious trojan data (eg javascript embedded in webpage, crafted response to dns/ping/snmp/ssh/whatever)
Bad hardware and application software cause a lot more problems than the operating system itself.
i think they're all major things you should include in any security assessment, the exact order of importance is irrelevant Steve
Current thread:
- WashingtonPost computer security stories Sean Donelan (Aug 15)
- Re: WashingtonPost computer security stories Hank Nussbacher (Aug 15)
- Re: WashingtonPost computer security stories Mikael Abrahamsson (Aug 15)
- Re: WashingtonPost computer security stories Owen DeLong (Aug 15)
- Re: WashingtonPost computer security stories Deepak Jain (Aug 15)
- Re: WashingtonPost computer security stories David Lesher (Aug 15)
- Re: WashingtonPost computer security stories John Underhill (Aug 15)
- Re: WashingtonPost computer security stories Sean Donelan (Aug 15)
- Re: WashingtonPost computer security stories Mikael Abrahamsson (Aug 15)
- Re: WashingtonPost computer security stories Jerry Pasker (Aug 15)
- Re: WashingtonPost computer security stories Stephen J. Wilcox (Aug 17)
- Re: WashingtonPost computer security stories Hank Nussbacher (Aug 15)
- Re: WashingtonPost computer security stories Doug White (Aug 15)
- Re: Phishing (Was Re: WashingtonPost computer security stories) Henry Linneweh (Aug 16)
- Re: Phishing (Was Re: WashingtonPost computer security stories) Christopher L. Morrow (Aug 16)
- Re: Phishing (Was Re: WashingtonPost computer security stories) Mark Kasten (Aug 16)
- Re: Phishing (Was Re: WashingtonPost computer security stories) Alexei Roudnev (Aug 16)
- Re: Phishing (Was Re: WashingtonPost computer security stories) Sean Donelan (Aug 16)
- Re: Phishing (Was Re: WashingtonPost computer security stories) David Lesher (Aug 17)
- Re: Phishing (Was Re: WashingtonPost computer security stories) Michael . Dillon (Aug 17)
- Re: Phishing (Was Re: WashingtonPost computer security stories) Joel Jaeggli (Aug 17)