Usenet -> c.d.o.server -> Re: hotmail password request tool (intranet usage)
On Wed, 20 Apr 2005 12:04:11 -0500, Ulrich Hobelmann wrote:
>
> Leythos wrote:
>> That was really lame. While I run both Linux and Windows workstations I
>> still see threats for Linux and Windows, neither OS is secure, it's all
>> in knowing how to lock each down.
>
> Then pick BSD. Anyway, with a Firewall I doubt that Linux can really be
> infected. Updates are usually painless too.
Why BSD? My Windows XP and 2000/2003 servers are secure; I don't need to move from RH FC3 or 2000/2003 servers to maintain a secure platform.
>> Installing av software and/or a firewall policy that blocks malicious
>> attachments from gaining access to company resources is part of an
>> admin's job, at least in every government, commercial and private
>> company I've worked for or designed the networks for.
>
> Blocking infected attachments is relatively ok, unless you are a company
> that has an interest in sending viruses per mail (like an AV company).
Actually, many home users and open-relays spread viruses, not to mention the compromised machines that spam hundreds of infected emails per minute to random hosts.
> Just deleting all zips (or encrypted ones) is bloody stupid though.
Deleting any Zip file that is unscannable is a very good method. If you need to move data between secure locations, using a Zip file is a sloppy means of doing it. I suppose you've not seen the passworded zip files where the lamer includes a note stating that the file has been passworded for their protection.....
If you need encryption for moving data, you can set up a VPN or secure FTP server; those are better methods.
>> I've been running many platforms since the 70's and never experienced a
>> virus or compromised system on any network I've managed or designed,
>> including Windows based networks/systems, so it would seem that
>> security is not really an issue for the Windows platforms, it's more a
>> problem when you have ignorant administrators or ones that pretend to
>> know about security.
>
> From this thread I gathered that the problem seems to be not the
> security (stuff sent with email is just passive files!), but rather the
> dumb user that has to push the button on every bomb he finds.
Actually, it's ANY user. I've seen CIOs bring in infected laptops, infected spreadsheets. I've seen companies allow contractors to connect to the protected network without first validating the contractor's laptop. I've seen all sorts of bad things, and it makes it very hard to identify which user will be an ignorant one vs a good one.
In the early days, and on unpatched Linux and Windows (and OS/X) systems, you could force execution without the user knowing about it by exploiting a service. You could also exploit weaknesses in browsers and email clients.
--
spam999free_at_rrohio.com
remove 999 in order to email me

Received on Wed Apr 20 2005 - 12:56:23 CDT