[Full-Disclosure] RE: W2K source "leaked"?
tobias at weisserth.de
Sat Feb 14 00:35:19 GMT 2004
On Fri, 13.02.2004 at 22:22, Schmehl, Paul L wrote:
> > Drew Copley once said:
> > > We should prepare for this now.
> > Anyone care to comment how we can prepare for this?? Except
> > for moving from the Windows platform, I don't see how we can.
> > Please do not take this as a knock against Drew and his
> > opinion. It most certainly isn't. I really would like to hear
> > others' thoughts on this.
> Odd. I would have thought the answer was self evident. You take the
> standard precautions that every security person should know.
So just because the source code hasn't been leaked until now means
people were not obliged to take these precautions? A weak point, don't
> Shut down unnecessary services, block all incoming ports except those services
> necessary to function, create secure "areas" within which you keep the
> "crown jewels", develop a consistent, effective program of patching,
> security awareness, yada, yada, yada, etc., etc., etc.
So what you are saying here, reduced to the essence, is that the only
"preparation" we can do as an answer to the leaking are the same
precautions we are doing all the time anyway?!
I have to agree with the initial doubting question then that there is hardly
anything we can do but sit and wait and apply standard security
precautions we would have anyway. We're talking about closed source
software here. Everything customers can do is to sit and wait for
patches from MS if there's a problem.
Personally I don't think this leak will unavoidably lead to a serious
increase of heavy and even sneakier exploits. We already have them.
The last week has been evidence enough. Maybe this will even lead to
more security as customers with the capacity will have the potential to
identify possible threats themselves and point them out to MS ;-)
Full-Disclosure is hosted and sponsored by Secunia.