Re: .Net Satisfies Security Compliance Satistactions or Not ???

[Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]]

In this listserve... it was where someone said they talked in a SANS 
conference about the "Everyone" group and it's impact ... it's in 
regards to where the Everyone group in the 2k3 era does not include anon.

Go back in this listserve for the comment by the guy who said he went to 
a SANS conference where a complaint about the Everyone group was brought 
up in the conference.

Trevor Seward wrote:
I apologize, I meant #2...the SANS comment.

Thanks!
Trevor


On 7/29/06 11:33 PM, "Laura A. Robinson" <[EMAIL PROTECTED]> wrote:

  
How can I provide links to something I say doesn't exist? :-)

There are lots of guidelines out there, and there are even some relatively
well agreed-upon sets of them (Common Criteria "standards", etc.), but there
is not a specific single set of specifications that serves as a worldwide
standard. That's why I wondered to which "standards" the OP was referring.

Laura 

    
-----Original Message-----
From: Trevor Seward [mailto:[EMAIL PROTECTED]
Sent: Saturday, July 29, 2006 7:54 PM
To: [EMAIL PROTECTED]; focus-ms@securityfocus.com
Subject: Re: .Net Satisfies Security Compliance Satistactions
or Not ???

Laura, not disputing your claim, but can you provide links
regarding #3?

Thanks!
Trevor


On 7/27/06 10:01 AM, "Laura A. Robinson"
<[EMAIL PROTECTED]> wrote:

      
1. If it's not "any feud against M$", you might want to
        
consider not 
      
referring to Microsoft as "M$".

2. No offense to SANS, but even as recently as last week,
        
I've heard 
      
things they've told people about MS software that were last true in
1996. I don't know if it's an endemic thing in SANS, or if
        
they just 
      
have one or two woefully uninformed people presenting for them, but
they have propagated some complete bulls**t presented as fact and
people unfortunately sometimes just swallow it up rather than
verifying for themselves whether the statements are accurate.

3. To whose "Security compliance standards" do you refer, exactly?
There is not a single set of standards out there for
        
anything computer
      
security related.

4. To what "vulnerable features" do you refer?

I'm sorry, but your post almost reads like a troll because
        
you don't 
      
list a single specific question, just throw out some FUD
        
about the .NET framework.
      
If you have some actual questions, please, do ask them and you'll
undoubtedly get some well-informed responses. But what
        
you've written 
      
below is unanswerable because it doesn't actually ask any
        
real questions.
      
Laura

        
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 27, 2006 9:53 AM
To: focus-ms@securityfocus.com
Subject: .Net Satisfies Security Compliance Satistactions
          
or Not ???
      
Hey group,

I attended the SANS conference for .Net security session.
Based on some lecture's and based on my search findings at
          
internet 
      
search engines, I wanted to ask if .NET cannot comply to
          
the Security 
      
compliance standards at all. Various issues involved with the
vulnerable features of .Net framework scares the hell out of the
Security Developers around the world, who are involved with .Net
framework. Did any security group consider making any updates and
releasing it to M$, has anyone contacted them yet, any progress on
fixing these issues and bringing it into compliance.


Sorry if that involved a lot of questions in a single email
:-) Was just curious to know what is going around.


Shyaam


PS: this is not any feud against M$ and I am just trying to learn
more about this. Please dont respond to this email thinking that I
belong to some anti-M$ gang, I am requesting as it has happened
before. I need more input and hence I am posting in this group.

--------------------------------------------------------------
-------------
--------------------------------------------------------------
-------------

          

        
----------------------------------------------------------------------
      
-----

        
----------------------------------------------------------------------
      
-----

        
---------------------------------------------------------------------------
---------------------------------------------------------------------------

    


---------------------------------------------------------------------------
---------------------------------------------------------------------------


  

---------------------------------------------------------------------------
---------------------------------------------------------------------------