Information Security News mailing list archives
RE: Microsoft failing security test?
From: InfoSec News <isn () c4i org>
Date: Mon, 14 Jan 2002 03:05:16 -0600 (CST)
Forwarded from: McDonald Patrick <mcdonald_patrick () bah com>

I have to respectfully disagree with Chris Wysopal.

<snip>
"Chris Wysopal, director of research and development for security company @Stake, argued that an early warning can sometimes actually hurt security, tipping off malicious attackers to the vulnerability."
<snip>

Does early warning help script kiddies? Most definitely. However, it also helps admins protect their systems against these attacks. A script kiddie can't use an exploit that an admin has prepared against. Thus the exploit is useless against an informed admin.

We can see this with w00w00's most recent advisory. w00w00's advisory did provide script kiddies with a new weapon (the exploit code); however, they also provided protection against it (AIM filter and restricting incoming requests). How many of us downloaded AIM filter the moment we verified the advisory? Every person who loaded AIM filter was one less target for the newly armed script kiddies.

Pat

As an afterthought, does anyone else find it interesting that Microsoft .Net (secure Internet lol) already has its own virus (see ISN's post titled "Virus writers take an early crack at .Net")? Microsoft failing the security test, they haven't even bothered to show up.

-----Original Message-----
From: owner-isn () attrition org [mailto:owner-isn () attrition org] On Behalf Of InfoSec News
Sent: Friday, January 11, 2002 10:47 AM
To: isn () attrition org
Subject: [ISN] Microsoft failing security test?

http://www.zdnet.com/zdnn/stories/news/0,4586,5101593,00.html?chkpt=zdhpnews 01

By Robert Lemos
Special to ZDNet News
January 11, 2002 4:38 AM PT

Microsoft's security initiatives and the release of the company's "most secure operating system yet" haven't quashed myriad holes that security experts say put customers in harm's way.

Although the software titan has been touting the need for security through its Secure Windows Initiative, the recent revelation of a severe flaw in the company's flagship Windows XP operating system--combined with the discoveries of several recent Internet Explorer browser holes--has left security experts questioning whether Microsoft can fully lock down its products.

[...]

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.