RE: RDP over the internet



I remember this old conversation. New light perhaps?

Not really.

What was said then was a massive generalisation that couldn't really be
backed up with any solid data i.e. exploitable vulns in RDP. A hark back to
the old "You can't do that, it's insecure" days that saw CEOs treating
Security Officers like the enemy because they got in the way of "the
business".

The new vulnerability has changed the threat landscape in terms of RDP. But
that's what we do, we deal with an ever changing landscape. What was said
then is still a massive generalisation, which, at the time still had no
solid data. Today's patch doesn't make it visionary or forward looking
(unless of course the author was sitting on a big fat zero-day..).

However. We have a vuln, we have a patch. That's it. If there was a new
patch for IIS tomorrow, would we see it being pulled from use by thousands
of organisations? No.

D





________________________________________________________________________
Sec-Tec Ltd, leading specialists in information security professional services. Visit http://www.sec-tec.co.uk for more information on our services. This e-mail has been scanned for possible virus contamination. However, we recommend that all recipients also scan this message.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------