Full Disclosure mailing list archives
Re: All China, All The Time
From: Benji <me () b3nji com>
Date: Fri, 15 Jan 2010 18:42:47 +0000
Actually you were boasting, it was irrelevant to have what you have as a security precausion. Infact, one could argue that you were making your setup insecure by telling people how you're secured from the get go. On Fri, Jan 15, 2010 at 6:38 PM, Christian Sciberras <uuf6429 () gmail com>wrote:
My question was mostly rhetoric, I tried to imply the point on why computers with sensitive information were; 1. not fully up to date (=>from the top of my had, the exploit had several issues in non-standard browser versions?) 2. running internet explorer (=>more known as a target, nothing against MSIE) 3. used to surf the web (=>why else would you be using IE [rhetoric]) 4. not monitored correctly (=>our most sensitive information is stored in a server locked up 5 times, the only way to get in is either getting all the keys or through a remote exploit*) I think the above points violate a couple of rules in security auditing. * I'm not boasting about our configuration; this is very easy to achieve in a company of 5 and one server rack. On Fri, Jan 15, 2010 at 7:08 PM, Peter Besenbruch <prb () lava net> wrote:On Thursday 14 January 2010 21:49:05 Christian Sciberras wrote:"They used an IE exploit to get in." The people at *Google* use *IE*?!! Besides, how does an exploit in IE affect the server?It would affect a person with login rights to a server. This wasn't just an attack on Google, btw, it was an attack on 32differentcompanies. -- Hawaiian Astronomical Society: http://www.hawastsoc.org HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Fwd: All China, All The Time, (continued)
- Message not available
- Fwd: All China, All The Time Christian Sciberras (Jan 13)
- Re: Fwd: All China, All The Time Gregor Schneider (Jan 14)
- Re: Fwd: All China, All The Time Christian Sciberras (Jan 14)
- Message not available
- Re: All China, All The Time Ivan . (Jan 14)
- Re: All China, All The Time James Matthews (Jan 14)
- Re: All China, All The Time Christian Sciberras (Jan 14)
- Re: All China, All The Time Peter Besenbruch (Jan 15)
- Re: All China, All The Time Christian Sciberras (Jan 15)
- Re: All China, All The Time Benji (Jan 15)
- Re: All China, All The Time Christian Sciberras (Jan 15)
- Re: All China, All The Time Benji (Jan 15)
- Re: All China, All The Time Christian Sciberras (Jan 15)
- Re: All China, All The Time r00t (Jan 15)
- Re: All China, All The Time Marc Maiffret (Jan 15)
- Re: All China, All The Time Stack Smasher (Jan 15)
- Re: All China, All The Time Dan Kaminsky (Jan 15)
- Re: All China, All The Time Marc Maiffret (Jan 15)