Are we talking about services and protocols too, now? For more often
insecure services like RPC, NFS, etc., some of the programs do serve their
purpose and work properly. I personally consider an insecure program, an
insecure program--not the protocol it uses or the service itself. E.g., the
program has exploits beyond the limits of it's intended purpose. If I
create a program to rm -rf / your system and you run it, is that program
insecure? It serves it's purpose, but if I create a program that says
system("echo $input"); and claim it's an interactive "hello world" type of
program, then that would qualify as insecure.
--
Regards,
Tim Greer [EMAIL PROTECTED]
Server administration, security, programming, consulting.
----- Original Message -----
From: "Mitchell Rowton" <[EMAIL PROTECTED]>
To: "Andre Hall" <[EMAIL PROTECTED]>; "Chris Berry"
<[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Tuesday, July 01, 2003 11:40 AM
Subject: Re: [OCLUG] Ten least secure programs
> I would tend to suggest the following:
>
> MDAC
> SQL
> Management
> Internet Explorer
> NetBIOS
> Management
> RPC
> SNMP
> Management
>
> So far your list contains, services, systems, and architectures. Does
> it have any scope?
>
> Mitchell Rowton
> http://www.attackprevention.com
>
>
> > You forgot Microsoft's ActiveX, Word and Excel - vulnerable
> >
> > On Sat, 28 Jun 2003 15:08:38 -0700, Chris Berry wrote
> > > I'm putting together a list of what seem to be the ten least secure
> > > computer items in use today with the idea of having a set of things
> > > to recommend AGAINST people using, probably to be posted on the IT
> > > room door with a note like "NO, you cannot use the following!!".
> > > Here is what I have so far, I'm looking for additions and
> comments.
> > > The list is in order from with the worst offender being number
> one.
> > > These should be products whose inheirent design is flawed, not
> that
> > > are just difficult to secure. I expect vigorous discussion.
> > > *putting on flame retardent garments* Oh, and leave Operating
> > > systems out of this one.
> > >
> > > 1) Microsoft Outlook
> > > 2) Telnet
> > > 3) Sendmail
> > > 4) IIS Server
> > > 5) Wireless networking
> > > 6) PHP
> > > 7) ?
> > > 8) ?
> > > 9) ?
> > > 10) ?
> > >
> > > Chris Berry
> > > [EMAIL PROTECTED]
> > > Systems Administrator
> > > JM Associates
> > >
> > > "Within every man beats a heart of darkness." --The Shadow
> > >
> > > _________________________________________________________________
> > > Help STOP SPAM with the new MSN 8 and get 2 months FREE*
> > > http://join.msn.com/?page=features/junkmail
> > >
> > > --
> > > Orange County Linux Users Group http://www.oclug.org
> > > To unsubscribe mailto:[EMAIL PROTECTED]
> >
> >
> >
> >
> > ----------------------------------------------------------------------
> -----
> > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top
> analysts!
> > The Gartner Group just put Neoteris in the top of its Magic Quadrant,
> > while InStat has confirmed Neoteris as the leader in marketshare.
> >
> > Find out why, and see how you can get plug-n-play secure remote
> access in
> > about an hour, with no client, server changes, or ongoing maintenance.
> >
> > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
> > ----------------------------------------------------------------------
> ------
> >
> >
>
>
>
> --------------------------------------------------------------------------
-
> Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
> The Gartner Group just put Neoteris in the top of its Magic Quadrant,
> while InStat has confirmed Neoteris as the leader in marketshare.
>
> Find out why, and see how you can get plug-n-play secure remote access in
> about an hour, with no client, server changes, or ongoing maintenance.
>
> Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
> --------------------------------------------------------------------------
--
>
---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------
