D&C Lug - Home Page
Devon & Cornwall Linux Users' Group


Re: [LUG] XP and firewalls



kevin bailey wrote:

he does not refute the fact that there is a security problem - but says
that more notice should be taken of other security problems like a
recent oracle vulnerability.  i would say that an XP vulnerability will
have far greater impact.

I think that is a fair view point of itself. I had a horrid
thought the other day, if someone writes an Oracle SQL*NET &
NET8 aware worm that tries the default Oracle passwords, and
e-mails itself, it could wipe out a substantial proportion of
company databases.

this one claims that steve gibson is 'loopy' and 'talking bollocks'!!!

Steve went over the top in reference to XP making it easier to
send spoofed packets.

Sending malformed packets is easy on Linux (for root), but
Windows has required extra software to do this before, XP will
make it easier.

Spoofed packets are harder to trace back (in theory, some ISPs
can trace spoofed packets easier than genuine ones as they stand
out like a straw in a needle factory), so yes Steve is right we
will see more spoofed packets. But since a virus or worm could
install the extra code Windows needs, it is just making it
slightly easier, and spoofed packets should be dealt with in
routers and firewalls, not on every desktop.

i don't think the shields-up probe is supposed to be totally
comprehensive - just a first point of checking 

Yes - if you want to secure Desktop PCs there are some really
good "auditing" tools around. Pretending you're the attacker is
fine for quick risk analysis, and double check, but you aren't
the attacker, you can run a program on every PC to spot
misconfigurations. This can reduce support effort as well as
keep things safer.

Compare running "nmap" against your own box to running
"netstat".

Nmap shows my port 80 open, netstat shows port 80 is listened to
by "ip_trap" - so the external view looks iffy, the internal
view reveals a rosier picture.

- it showed some closed
and one (unnecessarily) open port on my works win2k server which was
useful because my boss has now allocated some resources to locking the
box down.

I can spend that for you ;) I resell some Windows lock down
software (One of my distributors stocks it as a standard line)
have to admit I haven't sold any as it doesn't run on Linux ;)
But if you're interested in getting details let me know, and I'll
get a copy for you to look at.

I used to work with S-to-Infinity, they had some products for
this as well - really cool registry monitor when making registry
entries read-only was unusual in Windows. Much more useful for
actually finding out what things applications did to the
registry than actually locking it down (Which always breaks
things).

Not sure if S-to-Infinity is around, I never saw it after NT4
and they were getting into encrypted document management. Nice
company though - really good attitude to resellers and
customers.

The grc site has taken a lot of flak since Steve got hit by that script
kiddie and went (IMHO) OTT in his response.

I don't know, if your business depends on the Internet
connection, and some script kiddie takes it out... Steve never
made people read his documentation of the experience, and I
gathered some ideas on better designs for big company Internet
connections from his experiences!

Steve did make a bit of a prat of himself in a public flame
war, haven't we all made a prat of ourselves on Usenet at one
point? But Steve's heart is in the right place, he tries to help
people protect their PCs and tries to make a living doing it,
if he isn't the greatest ever security guru, well Richard
Stallman might not be the greatest ever programmer but that
doesn't mean you wouldn't want him to try.

The only thing worse than to try and fail, is not to try.

anyway - MS have hacked me off too much recently, especially cos their
web proxy server - ISA - looks like it only works for IE.  i have tried
to use mozilla and netscape in work because IE keeps crashing my machine
but the server refuses their requests.  the poor guys at mozilla are
trying to find a way around it - i'm thinking of suggesting that they
put up a message to the effect that ISA is not a true proxy server but
MS specific only.  people should ask for their money back!!!

I'm sure I've seen a workaround for this - other than urm run
squid or Apache as the web proxy, or let me sell you a nice
firewall ;)... Why would one use MS Proxy server, a case of
'less' costing 'more'. Trusting any security critical
application to Microsoft is beginning to look like pretty dodgy
planning, they clearly aren't interested in security, it doesn't
sell software ---- "Cool Sells", Bill Gates said so, and he
should know, he has sold more software than any of us.

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe.
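
An added example, not part of the original post: the nmap-versus-netstat comparison above, done as a join of the outside view (ports a scan of your own box reported open) with the inside view (which program owns each listening socket). The netstat text, the PIDs and the scan result are constructed sample input; only the "ip_trap" listener on port 80 comes from the message.

```python
import ipaddress

# Constructed sample of `netstat -tlnp` output (net-tools format); PIDs are made up.
NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      412/ip_trap
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      298/cupsd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      301/sshd
tcp6       0      0 :::25                   :::*                    LISTEN      350/exim4
"""
SCAN_OPEN = {22, 80, 8080}  # constructed: ports a scan of the same host reported open

def parse_listeners(text):
    """Map port -> list of (bind address, program) for TCP sockets in LISTEN state."""
    listeners = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue  # header line, UDP, or a socket that is not listening
        addr, _, port = f[3].rpartition(":")  # rpartition copes with ":::25"
        prog = f[6].partition("/")[2] if len(f) > 6 and "/" in f[6] else "unknown"
        listeners.setdefault(int(port), []).append((addr, prog))
    return listeners

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # unparsable bind address: assume it is reachable
        return False

def correlate(scan_open, netstat_text):
    """Return sorted (port, verdict, programs) rows joining the two views."""
    listeners = parse_listeners(netstat_text)
    rows = []
    for port in sorted(set(scan_open) | set(listeners)):
        binds = listeners.get(port, [])
        progs = sorted({p for _, p in binds})
        if port in scan_open and binds:
            verdict = "open, owner known"
        elif port in scan_open:
            verdict = "open, no local listener"  # answered by another device or hidden
        elif any(not is_loopback(a) for a, _ in binds):
            verdict = "listening, not seen by scan"  # filtered, or scan did not cover it
        else:
            verdict = "loopback only"
        rows.append((port, verdict, progs))
    return rows

if __name__ == "__main__":
    print(*correlate(SCAN_OPEN, NETSTAT), sep="\n")
```

The rows worth a second look are "open, no local listener" (something other than this host's visible processes is answering) and "listening, not seen by scan" (a service that only a filter is keeping off the network).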

