Microsoft XP SP2 (was Re: Lazy network operators - NOT)

Chris Brenton cbrenton at chrisbrenton.org
Mon Apr 19 12:22:48 UTC 2004


On Mon, 2004-04-19 at 06:27, Brian Russo wrote:
>
> There're a lot more 0-days than that.

Agreed. My ego has not grown so large as to think I've seen every 0-day.
;-) As I said however, the true number of 0-days is less than ground
noise compared to the number of systems that *could* have remained safe
with proper patching or configuring.

> They just tend to remain 
> within a smaller community (typically the ones who discover it) and are 
> used carefully/intelligently for compromises, often for a very long 
> time.

Agreed. I think part of what makes 0-day easier to hide *is* the raw
quantity of preventable exploits that are taking place. In many ways we
have become numb to compromises so that the first response ends up being
"format and start over". If 0-day was a higher percentage, it would be
easier to catch them when they occur and do a proper forensic analysis. 

> Agreed, and even conscientious users screw up. I did this some months 
> ago when installing MS SQL Server Desktop Engine from a third-party CD 
> (packaged with software).

<RANT>
I guess I have a hard time blaming this type of thing on the end user.
Part of the fallout from making computers easier to use is making it
easier for end users to shoot themselves in the foot. One of the
benefits of complexity is that it forces end user education. I'm
guessing that if you had to load SQL as a dependency you would have
caught your mistake before you made it. 

Let me give you an example of the easy-to-use interface thing. Back in
2000 I made it a personal goal to try and get the top 5 SMURF amplifier
sites shut down. I did some research to figure out what net blocks were
being used and started contacting the admins. Imagine my surprise when I
found out that 3 of the 5 _had_ a firewall. They had clicked their way
through configuring Firewall-1, didn't know they needed to tweak the
default property settings, and were letting through all ICMP
unrestricted and unlogged.

IMHO it's only getting worse. I teach a lot of perimeter security folks
and it seems like more and more of them are moving up the ranks without
ever seeing a command prompt. I actually had one guy argue that
everything in Windows is point and click and if you could not use a
mouse to do something, it was not worth doing. Again, I don't see this
as an end user problem because as an industry we've tried to make
security seem easier than it actually is. We want to make it like
driving a car when it's more like flying an airplane.
</RANT>

Cheers,
Chris
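Added here as an illustration of the exposure described in the Firewall-1 anecdote above, not code from the original post or from any vendor: a small Python check over constructed firewall accept-log lines that flags ICMP echo requests accepted toward the broadcast (or network) address of one's own subnets, which is the condition that turns a site into a smurf amplifier. The log format, the subnet list and every address are assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample accept log (hypothetical "action proto src dst type" format).
# 192.0.2.0/24 is our own space; 203.0.113.0/24 and 198.51.100.0/24 are outside.
SAMPLE_LOG = """\
accept icmp 203.0.113.7 192.0.2.255 echo-request
accept icmp 203.0.113.7 192.0.2.10 echo-request
accept icmp 198.51.100.4 192.0.2.127 echo-request
accept tcp 203.0.113.7 192.0.2.255 syn
accept icmp 198.51.100.9 192.0.2.63 echo-reply
accept icmp 203.0.113.7 192.0.2.191 echo-request
"""

# How our /24 is actually subnetted (assumed); broadcast addresses follow from this.
OUR_SUBNETS = [
    ipaddress.ip_network("192.0.2.0/25"),    # broadcast 192.0.2.127
    ipaddress.ip_network("192.0.2.128/26"),  # broadcast 192.0.2.191
    ipaddress.ip_network("192.0.2.192/26"),  # broadcast 192.0.2.255
]

LINE_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<kind>\S+)$"
)


def is_amplifier_target(dst: str, subnets) -> bool:
    """True when dst is the broadcast or network address of one of our subnets.
    Echo requests accepted to such addresses get answered by every host on the
    segment, so an outsider can use the segment as a reflector."""
    addr = ipaddress.ip_address(dst)
    return any(addr in (n.broadcast_address, n.network_address) for n in subnets)


def find_amplifier_hits(log_text: str, subnets):
    """Return (src, dst) pairs for accepted ICMP echo requests aimed at
    broadcast/network addresses. Only 'accept' lines matter: a dropped
    packet cannot be amplified."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["action"] != "accept":
            continue
        if m["proto"] == "icmp" and m["kind"] == "echo-request":
            if is_amplifier_target(m["dst"], subnets):
                hits.append((m["src"], m["dst"]))
    return hits


def count_by_source(hits) -> dict:
    """In a smurf attack the 'source' is the spoofed victim, so the busiest
    source address tells you who is being flooded with your replies."""
    return dict(Counter(src for src, _ in hits))
```

If the function reports any hits, the firewall rule base is accepting directed-broadcast ICMP from outside and should be tightened and logged.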
