Full Disclosure mailing list archives
Re: Re: Microsoft Coding / National Security Risk
From: Szilveszter Adam <adam () hif hu>
Date: Tue, 30 Mar 2004 08:50:10 +0200
madsaxon wrote:
> The US military is considerably more rigorous than the civilian government in this regard, but even then there are systems which have slipped through the cracks. Evidence for this is the fact that Web defacement mirrors still occasionally contain both .gov and .mil entries.
Not to rain on your parade, but public web site defacements in the gov sector certainly show very little of the state of internal network security. Nowadays public web servers are often outsourced to a colo facility, and are not very much locked down either, since these are often not the same systems that provide the intranet services that the organisation depends on. While having a breach on your public web servers doesn't look nice, it's mostly not critical either, you simply take the server off the net and rebuild it when you have time. After all, it is more for information of the public than for anything else: nice to have, but nothing breaks if it doesn't work. Therefore the costs of locking it down may outweigh the possible cost of compromise. It is like saying: since there is graffiti on the walls of the police station, the police force sucks. I'd rather they went after the more serious offenses instead of making sure that nobody can spray their walls.
Regards: Sz.