Full Disclosure mailing list archives
RE: RE: W2K source "leaked"?
From: Tobias Weisserth <tobias () weisserth de>
Date: Sat, 14 Feb 2004 01:35:19 +0100
Hi Paul,

On Fri, 13.02.2004 at 22:22, Schmehl, Paul L wrote: ...
> Drew Copley once said:
>
> We should prepare for this now.
>
> Anyone care to comment how we can prepare for this?? Except for moving from the Windows platform, I don't see how we can. Please do not take this as a knock against Drew and his opinion. It most certainly isn't. I really would like to hear others' thoughts on this.
>
> Odd. I would have thought the answer was self evident. You take the standard precautions that every security person should know.
So just because the source code hasn't been leaked until now means people were not obliged to take these precautions? A weak point, don't you think?
> Shut down unnecessary services, block all incoming ports except those services necessary to function, create secure "areas" within which you keep the "crown jewels", develop a consistent, effective program of patching, security awareness, yada, yada, yada, etc., etc., etc.
So what you are saying here, reduced to the essence, is that the only "preparation" we can do as an answer to the leaking are the same precautions we are doing all the time anyway?! I have to agree with the initial doubting question then that there is hardly anything we can do but sit and wait and apply standard security precautions we would have anyway.

We're talking about closed source software here. Everything customers can do is to sit and wait for patches from MS if there's a problem.

Personally I don't think this leak will unavoidably lead to a serious increase of heavy and even sneakier exploits. We already have them. The last week has been evidence enough. Maybe this will even lead to more security as customers with the capacity will have the potential to identify possible threats themselves and point them out to MS ;-)

regards,
Tobias W.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html