Re: Ten least secure programs
From: Tim Greer (chatmaster_at_charter.net)
Date: 07/03/03
- Previous message: Dan Bartley: "RE: Ten least secure programs"
- In reply to: Erik !: "Re: Ten least secure programs"
- Next in thread: vincent: "Re: Ten least secure programs"
- Reply: vincent: "Re: Ten least secure programs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Erik !" <viking0069@hotmail.com>, <bugtraq@planetcobalt.net>, <security-basics@securityfocus.com> Date: Thu, 3 Jul 2003 14:44:01 -0700
Please, I never bought the "if someone wants in, they will get in" line. :-)
There's not enough conditionals to that claim. There's not just inevitably
a way in, no matter what and that a sys admin can't do anything about it, as
if that's "just the way it is". if you believe otherwise, I'll set up a
system and you can manage to "just get in" and I'll find a new line of work.
-- Regards, Tim Greer chatmaster@charter.net Server administration, security, programming, consulting. ----- Original Message ----- From: "Erik !" <viking0069@hotmail.com> To: <bugtraq@planetcobalt.net>; <security-basics@securityfocus.com> Sent: Wednesday, July 02, 2003 3:20 PM Subject: Re: Ten least secure programs > Here's what the experts use (for starters - bigger cos. develop their own > list, based upon their own internal consensus). > > http://www.sans.org/top20/ > > this is broken out by windows and unix centric apps/services. > > It really pegs the most comman apps/services that sysadmins overlook and > hence end up causing the most problems. > > A determined hacker could get into most any network, it gets back to the old > adage: > > You are going to be hacked at some point, it's just a matter of how soon you > want that to happen. > > Balance your LAN security against your business needs. > Erik > > > ----Original Message Follows---- > From: Ansgar Wiechers <bugtraq@planetcobalt.net> > To: security-basics@securityfocus.com > Subject: Re: Ten least secure programs > Date: Tue, 1 Jul 2003 10:52:23 +0200 > > I'm not sure if this discussion will be productive in any way, since you > seem to concentrate too much on the software and ignore layer 8, which > is (IMHO) the major problem. But anyway, here you go: > > On 2003-06-28 Chris Berry wrote: > > I'm putting together a list of what seem to be the ten least secure > > computer items in use today with the idea of having a set of things to > > recommend AGAINST people using, probably to be posted on the IT room > > door with a note like "NO, you cannot use the following!!". Here is > > what I have so far, I'm looking for additions and comments. The list > > is in order from with the worst offender being number one. These > > should be products whose inheirent design is flawed, not that are just > > difficult to secure. I expect vigorous discussion. *putting on flame > > retardent garments* Oh, and leave Operating systems out of this one. > > I'm not sure if this discussion will be productive in any way, since you > seem to concentrate too much on the software and ignore layer 8, which > is (IMHO) the major problem. But anyway, here we go: > > > 1) Microsoft Outlook > > I beg to differ on this one. Outlook is a groupware client and is > therefore *designed* to be insecure. It's a behaviour I would expect > from a groupware client. Of course one should *not* use Outlook as an > internet mail client (at least not without taking further precautions). > Also I would like to mention that AFAIR all vulnerabilities in Outlook > are vulnerabilities of the Internet Explorer (which I suggest to put on > this list instead). > > > 2) Telnet > > 3) Sendmail > > 4) IIS Server > > 5) Wireless networking > > 6) PHP > > 7) ? > > 8) ? > > 9) ? > > 10) ? > > You might want to add FTP in general and BIND (at least earlier than > version 9) here. > > Regards > Ansgar Wiechers > > -------------------------------------------------------------------------- - > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! > The Gartner Group just put Neoteris in the top of its Magic Quadrant, > while InStat has confirmed Neoteris as the leader in marketshare. > > Find out why, and see how you can get plug-n-play secure remote access in > about an hour, with no client, server changes, or ongoing maintenance. > > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm > -------------------------------------------------------------------------- -- > > _________________________________________________________________ > Add photos to your messages with MSN 8. Get 2 months FREE*. > http://join.msn.com/?page=features/featuredemail > > > -------------------------------------------------------------------------- - > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! > The Gartner Group just put Neoteris in the top of its Magic Quadrant, > while InStat has confirmed Neoteris as the leader in marketshare. > > Find out why, and see how you can get plug-n-play secure remote access in > about an hour, with no client, server changes, or ongoing maintenance. > > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm > -------------------------------------------------------------------------- -- > --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
- Previous message: Dan Bartley: "RE: Ten least secure programs"
- In reply to: Erik !: "Re: Ten least secure programs"
- Next in thread: vincent: "Re: Ten least secure programs"
- Reply: vincent: "Re: Ten least secure programs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
