On Tuesday 12 August 2003 06:40 am, Franky Van Liedekerke wrote:
> I guess everybody can implement SUSserver (www.susserver.com): it's a
> local version of a windows update server.
> If you implement this, you can allow only this server access to the
> microsoft update sites, and let everybody else (from within the
> ISP his network) connect to the local update server.

I guess everyone can implement THIS to upgrade Windows:
http://www.tldp.org/HOWTO/KickStart-HOWTO.html

Or even better! Why should you distribute risky code to every physical point in an organization? Personal OS installs are for laptops.
http://www.ltsp.org/documentation/ltsp-3.0-4-en.html

Microsoft's "Trustworthiness" is running a wee bit thin. This exploit survived their charming little 'code review and profiling' PR episode last year - and the 5 month delay of Win2003 for security reasons.

From a risk perspective, every security manager in the world should be weighing the value of including any MS platform or protocol in their trusted operations. Factors in this equation include a vendor whose business interests are in potential or active conflict with most of their customers; a vendor with a track record of CONSISTENTLY getting the most important things wrong 8 out of 10 times; a vendor with a willingness to embed^H^H^H^H^H infest server platforms with public keys, for which they maintain the private keys.

This last factor - from any vendor - should present an irreparable violation of Security Policy.

Why worry about trojans on your OS of choice, when the OS is itself a trojan?

--
Jeremiah Cornelius, CISSP, CCNA, MCSE
Information Security Technology
email: [EMAIL PROTECTED] - mobile: 415.235.7689

"What would be the use of immortality to a person who cannot use well a half hour?" --Ralph Waldo Emerson

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
