Re: My Windows XP system is 100% secure - nobody can get in

From: Dave Thornburgh (dave-thorn@nodash.adelphia.net)
Date: 02/21/03


From: "Dave Thornburgh" <dave-thorn@nodash.adelphia.net>
Date: Fri, 21 Feb 2003 06:24:57 GMT


"Don Jenkins" <bigwheeze@hotmail.net> wrote in message
news:3E552CDA.1010300@hotmail.net...

>
> I think I came to the wrong newsgroup. No one here seems to have a
> clue. Oh well, it is an "alt" newsgroup, what did I expect.
>

So far, I'd agree with that statement - you came to the wrong newsgroup.
This newsgroup is about computer security. So far, you've not said one
thing to support the notion that you know squat about security - your posts
have been just as vague and ethereal on that point as you've accused
everyone else of being.

You're clamoring for specifics about how you're vulnerable. Well, you've
pretty much told us that you're running a stock bundle straight off the
store shelves, and that you implicitly trust anything from Microsoft,
Charter, and Netscape. Not once have you ever said that you've applied the
patches recommended by those vendors, or even hinted that you might know
those patches exist.

So, for specific examples of ways in which you are vulnerable:
# You always run as a user with admin rights. This is a big one, since just
about any of the other vulnerabilities are made much more dangerous - at
least, the ones that take advantage of the rights of the logged on user.

# You could have a weak password controlling access to otherwise unprotected
shared resources - you've never mentioned if you shut down the sharing
mechanisms.

# There are several vulnerabilities on the SANS/FBI top 20 list that fall
into the category of, "if you haven't locked this down, you ARE vulnerable
(not 'might be')". Check http://www.sans.org/top20 for details.

# Multiple security holes have been found in Netscape. Have you fixed them?
See http://www.cert.org/advisories/CA-2002-07.html,
http://bugzilla.mozilla.org/show_bug.cgi?id=157989,
http://archives.neohapsis.com/archives/vendor/2002-q3/0027.html

# It's flat out ludicrous to blindly trust that Microsoft (or any other)
software is secure. See: http://www.kb.cert.org/vuls/id/951555,
http://www.kb.cert.org/vuls/id/591890, etc.

And, the most telling point about your knowledge level: NOT ONE of these
vulnerabilities requires the installation of any third-party hardware or
software to be safe. Nobody here has hammered you on needing to install AV
stuff, a firewall, a NAT router, or any of the other available aids - but
you keep accusing people of doing just that. Also, what proof do you have
that they DON'T help?

Dave

P.S. - I predict a certain response. If you post it, you will confirm your
trollish intents, so you may as well not bother.



Relevant Pages

  • Re: My Windows XP system is 100% secure - nobody can get in
    ... I'd agree with that statement - you came to the wrong newsgroup. ... >then you proceeded to give generalities. ... >> about any of the other vulnerabilities are made much more dangerous - at ... parroting generalities like a mindless idiot. ...
    (alt.computer.security)
  • Re: My Windows XP system is 100% secure - nobody can get in
    ... I'd agree with that statement - you came to the wrong newsgroup. ... then you proceeded to give generalities. ... > about any of the other vulnerabilities are made much more dangerous - at ... parroting generalities like a mindless idiot. ...
    (alt.computer.security)
  • Re: Where to Save Data Files and Folders - thanks
    ... some of the same serious vulnerabilities of the first or primary HD. ... Microsoft MVP - Windows Desktop Experience ... Please Reply to the Newsgroup ...
    (microsoft.public.windows.vista.general)
  • Re: The possibility of vms opening up?
    ... ....or, stated another way, if a system lacks common vulnerabilities, is ... it wise to publish the measures taken to eliminate them? ... There are people who have given up posting to this newsgroup who do take ... such things quite seriously and report vulnerabilities to the VMS team. ...
    (comp.os.vms)
  • [Full-disclosure] CORE-2009-0108: Multiple vulnerabilities in Sun Calendar Express Web S
    ... Multiple vulnerabilities in Sun Calendar Express Web Server ... These vulnerabilities were discovered by the SCS team from Core Security ...
    (Full-Disclosure)