Date: Sat, 29 Dec 2001 15:00:32 -0800
From: "Jason Kim" <[EMAIL PROTECTED]>
Subject: Re: [LIB] Re: Windows XP again

May I highly suggest that you do your own research (even lightly), and that
you take this guy's statements with a grain of salt the size of a Ford
Taurus. Personally, I find it very helpful to read whitepapers and detailed
reports to judge the accuracy of a source.

Port 80 is typically used as an incoming port for the HTTP protocol -- it's
only open if you're running webserver software on your computer. Even if you
are, the risk is very small that your computer can be hijacked through this
port.

He's also wrong about the methods, but most everybody knows that Outlook
Express is susceptible to various forms of privilege elevation attacks --
there are ways to fool it into doing your evil bidding. Most (if not all) of
these problems, however, have corresponding patches available.

The same goes for the 'big' Windows XP UPnP bug, and the recent
Explorer/Internet Explorer security debacle. Both have patches available,
and both have been overexaggerated by the media, IMHO (especially
"technical" sources like cnet). Neither vulnerability, as far as I know, has
been widely exploited, and it shouldn't matter now that the patches are
available.

I run Linux, but not because it's more secure out of the box (in fact, lots
of Linux software contains bugs and security holes, too), but because
problems are easier to diagnose and fix. It's hard to infiltrate a Linux
server, and it's nearly impossible to do it without being noticed by an
astute sysadmin. You also have to keep up with the rapid releases of Linux
software, especially open source.

I do think the other sarcastic remark made on this list applies, too ... I
can't imagine anyone who wants my data anyway, but I'll play it on the safe
side.

Sorry to make such a big rant out of this, but I just felt like getting it
out. :)

-Jason


----- Original Message -----
From: "Matthew Hanson" <[EMAIL PROTECTED]>
To: "Libretto" <[EMAIL PROTECTED]>
Sent: Saturday, December 29, 2001 12:37 PM
Subject: Re: [LIB] Re: Windows XP again

> Oops... I deleted the reply with the explanation and fix.
>
> I was talking to a guy the other day who claimed to have a friend working
> with the NSA's Echelon project.  He told me they can get through just about
> any version of Windows and virtually take over the system... log keystrokes
> for encryption passwords and send them home etc. etc. etc.
>
> He said some access can be had via port 80 which evidently is always open to
> access the net... though this seems questionable.  He also said that by
> adding code to an altered date field in email sent to someone, the code will
> be executed upon receipt, and the receiving system's security compromised.
> Sounds like something Micro$oft's Outlook Distress would be susceptible
> to... but I don't really have a clue about all this :-)  ... though it would
> seem that Linux would be a much more secure OS.
>
> Matt
>
>
>
> **************************************************************
> http://libretto.basiclink.com - Libretto mailing list
> http://libretto.basiclink.com/archive - Archives
> http://www.picante.com/~gtaylor/portable/faq.html - FAQ
>                  -------TO UNSUBSCRIBE-------
> Reply to any of the list messages. The reply mail should be
> addressed to: [EMAIL PROTECTED] - Then replace any text
> on the message's subject line: cmd:unsubscribe
>               --------TO UNSUBSCRIBE DIGEST------
> Do above but with this on subject line: cmd:unsubscribe digest
> **************************************************************
>



