RE: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of Monopoly

From: Curt Purdy (purdy_at_tecman.com)
Date: 09/30/03

    To: "'Rodrigo Barbosa'" <rodrigob@suespammers.org>, <full-disclosure@lists.netsys.com>
    Date: Tue, 30 Sep 2003 07:43:19 -0500
    
    

    NT4 SP2 was a nightmare. Luckily I heard about it in the newsgroups the day
    I planned on installing it on my ISP boxes (yes I run IIS, locked down, in
    addition to Apache). That taught me a lesson, and I now wait 48-72 hours
    after release before installing any Microsoft service pack or hotfix, while
    I observe Uncle Bill's guinea-pigs.

    One of the things I love about *NIX is the stability. FreeBSD 5.1 (I run on
    my desktop) is more stable than any Microsoft .1 product ever hoped to be,
    but the FreeBSD crew is still classifying 4.8 the production version (I run
    on my servers).

    Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
    Information Security Engineer
    DP Solutions

    ----------------------------------------

    If you spend more on coffee than on IT security, you will be hacked.
    What's more, you deserve to be hacked.
    -- former White House cybersecurity czar Richard Clarke

    -----Original Message-----
    From: full-disclosure-admin@lists.netsys.com
    [mailto:full-disclosure-admin@lists.netsys.com]On Behalf Of Rodrigo
    Barbosa
    Sent: Tuesday, September 30, 2003 2:01 AM
    To: full-disclosure@lists.netsys.com
    Subject: Re: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of
    Monopoly

    On Mon, Sep 29, 2003 at 11:51:03PM -0500, Paul Schmehl wrote:
    > >As some may recall, my original statement was an answer to someone that
    > >was pointing out that Unix is more secure than Windows (I agree up to this
    > >point), and gave an example telling that there are still several codered
    > >vulnerable machines around. This is the point I was commenting about. And
    > >you do have to agree that if a machine, today, is still vulnerable to
    > >Codered, it is mostly due to a fault of the administrator.
    > >
    > I'm going to pick one small nit with you. There is another possible guilty
    > party. In some cases, at least in edu and medical centers (that's what I'm
    > familiar with) the *vendor* is at fault. Some vendors will not certify
    > their scientific instruments with the latest Service Packs and patches,
    > leaving the admins no other choice but to find some other way to protect
    > the machine. (Hell, we sometimes have trouble getting vendors of
    > *security* devices to support their products with the latest SPs and
    > patches. (Which is another reason that I dislike putting security-related
    > software on Windows boxes, but sometimes you simply have no choice.)

    I stand corrected.

    I kind of remember something about a friend of mine (Win admin) installing
    NT SP2 and it breaking MS-SQL server.

    And yes, you are correct about vendors too.

    So, simply put, we are doomed :)

    - When the software gets a bugfix released, you can't install it because
    of the vendor
    - When you can install it regardless of the vendor, the net admin forgets
    to install it
    - When the net admin remembers to install it, the users mess up
    - When the users don't mess up, the cleaning lady pulls the plug

    Talk about trustworthy computing :)

    []s

    --
    Rodrigo Barbosa <rodrigob@suespammers.org>
    "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
    
