>Date: Wed, 11 Feb 2004 12:29:56 -0800 >To: [EMAIL PROTECTED] >Cc: [EMAIL PROTECTED] >Subject: Re: [Full-Disclosure] EEYE: Microsoft ASN.1 >Library Bit String >Heap Corruption >From: <[EMAIL PROTECTED]>
>I for one am very grateful for the fact that eEye >releases technical >information on the flaw. I think it helps us ALL to >know the technical >information so WE as security and IT professionals >have a better idea >of what the real risk is. >I'm sorry but Microsoft Knowledge Base KB828028 tells >me nothing of any >immediate value, plenty of web links to other >advisories and documents >which will take me weeks to follow and read through >before I know what >the heck they are patching and if it is truly a HIGH >risk exposure for >my environment. The eEye documents and other such >providers of >technical >documents are much better advisories at least that is >MHO. I would like to add something from a person's perspective as one just learning about computer security. Everyone tells me the learning curve for Linux / BSD / Unix to be so high, I would debate that fiercely on the simple fact keeping up with the amount of exploits on windows to be more than I really care to learn. Granted more machines run windows with idiots as users which gives exploits a larger playing field but the forthright way an opensource system approaches exploits leaves little room for obfuscation. I'm not a coder but when someone says a ceratin code has an exploit I can look at it and learn why it happens on opensource, with windows im reduced to trusting other people ( I have a hard time doing that ) This list expands my knowledge by allowing me to see more knowledgeable people discuss exploits and provides me with some way to form my own opinions. Windows is here to stay as it does have alot more enduser features however to leave windows exposed to the internet is in my opinion a security exploit waiting to happen. My solution would be to have all servers on a Unix style platform protected by a competent firewall with an image server that reformats and installs the OS overnight ( if possible ) and prohibiting write permissions on that windows computer in any directory but a network file system, to be backed up nightly.... gotta love cron. ( is this a pipe dream ? ) Provided I ever get control of a network. __________________________________ Do you Yahoo!? Yahoo! Finance: Get your refund fast by filing online. http://taxes.yahoo.com/filing.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
