----- Original Message -----
From: "Michael T. Babcock" <[EMAIL PROTECTED]>
To: "Otto Goencz" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; "Brian Steele" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Sunday, February 04, 2001 8:29 AM
Subject: Re: Configuration Arguments... In House...
> Fallacy of limited options; there are more alternatives -- like not using
IIS
> (the point of the statement).
As a consultant I can recommend other web servers. However, depending on the
client's network infrastructure, knowledge base of the IT department and
developers, it isn't an option most of the times.
> Ignoring the argument; arbitrary execution of local objects _is_ a hole --
it
> should be fixed. Nobody claimed that it was the ultimate fix. I just
said
> that it should be fixed by now, period. It _contributes_ to security.
Should but it's not, nonetheless the exploit have fixes.
> If you want an argument, go for it ... if you want to contribute to a
> security related discussion, do so with some thought.
That doesn't sound like a security related argument, more like a "come on"
for platform argument. Thanks, but no thanks....
Otto
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
