[Full-Disclosure] EEYE: Microsoft ASN.1
geggam692000 at yahoo.com
Thu Feb 12 03:06:15 GMT 2004
>Date: Wed, 11 Feb 2004 12:29:56 -0800
>To: pdt at jackhammer.org
>Cc: full-disclosure at lists.netsys.com
>Subject: Re: [Full-Disclosure] EEYE: Microsoft ASN.1 Library Bit String
>From: <bart2k at hushmail.com>
>I for one am very grateful for the fact that eEye
>information on the flaw. I think it helps us ALL to
>know the technical
>information so WE as security and IT professionals
>have a better idea
>of what the real risk is.
>I'm sorry but Microsoft Knowledge Base KB828028 tells
>me nothing of any
>immediate value, plenty of web links to other
>advisories and documents
>which will take me weeks to follow and read through
>before I know what
>the heck they are patching and if it is truly a HIGH
>risk exposure for
>my environment. The eEye documents and other such
>documents are much better advisories at least that is
I would like to add something from a person's
perspective as one just learning about computer
Everyone tells me the learning curve for Linux / BSD /
Unix to be so high, I would debate that fiercely on
the simple fact keeping up with the amount of exploits
on Windows to be more than I really care to learn.
Granted, more machines run Windows with idiots as users,
which gives exploits a larger playing field, but the
forthright way an open-source system approaches
exploits leaves little room for obfuscation.
I'm not a coder, but when someone says a certain code
has an exploit I can look at it and learn why it
happens on open source; with Windows I'm reduced to
trusting other people ( I have a hard time doing that
This list expands my knowledge by allowing me to see
more knowledgeable people discuss exploits and
provides me with some way to form my own opinions.
Windows is here to stay as it does have a lot more
end-user features; however, to leave Windows exposed to
the internet is in my opinion a security exploit
waiting to happen.
My solution would be to have all servers on a Unix
style platform protected by a competent firewall with
an image server that reformats and installs the OS
overnight ( if possible ) and prohibiting write
permissions on that Windows computer in any directory
but a network file system, to be backed up nightly....
gotta love cron. ( is this a pipe dream ? )
Provided I ever get control of a network.
Full-Disclosure is hosted and sponsored by Secunia.