Security Basics mailing list archives

Re: Ten least secure programs


From: "Chris Berry" <compjma () hotmail com>
Date: Tue, 01 Jul 2003 11:27:18 -0700

From: "Vic Parat \(NSS\)" <vic.parat () nssecurity com>
> I would definitely question some of your choices (is Apache more secure than
> IIS?)

Given that the vulnerability list at securityfocus is about half the size of IIS, I'd say yes.

> but I think top honors for "the ten least secure computer items" is an
> underqualified system administrator.

True, but not very helpful for what I'm trying to do, basically off-topic.

> This also makes this "top ten" list
> kind of pointless and highly subjective because proper configuration is
> everything in security

I don't agree, some products are just naturally more secure than others, qmail as opposed to sendmail for example.

> and a properly configured IIS box is by far more
> secure than an improperly configured Apache box.

True, but as I stated earlier, I'm looking for programs with poor design, not just poor configuration.

> Also, how did you come up with the list?  You say "worst offenders", what
> are your facts?

Sheer volume of vulnerabilities, exploits and repeated problems. Items with a consistently bad track record such that you see them in the tech news all the time.

> I think your question should be more in line with "what's
> everybody's least liked computer item in terms of security" than the least
> secure.

Well, you're free to ask that question but it's not one I was interested in.

> I don't think anybody (outside of the government) has a truly
> objective, well researched list to answer your question as it currently
> stands.

I'm not looking for objectivity, I'm looking for subjective opinions of experts.

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"Encrypt everything, and ask questions later."
