WashingtonPost computer security stories
Stephen J. Wilcox
steve at telecomplete.co.uk
Tue Aug 17 09:46:27 UTC 2004
On Sun, 15 Aug 2004, Mikael Abrahamsson wrote:
> As far as I know, there is no remotely exploitable hole in windows that
> doesn't have a patch for it, nothing majorly in the wild anyway. I run my
> fully patched XP laptop without firewall directly connected to the
> internet all the time and the above you mention doesn't happen to me.
i'm sure there are plenty, and not just in windows. just because you dont know
about them or theres nothing published doesnt mean it doesnt exist. the hole
used by sapphire didnt 'exist' until sapphire infected all the open windows
boxes within a couple hours
even with your firewall you're not safe, stuff can get through if you either
allow it with a listening port (eg webserver) or by malicious trojan data (eg
javascript embedded in webpage, crafted response to dns/ping/snmp/ssh/whatever)
> Bad hardware and application software cause a lot more problems than
> the operating system itself.
i think they're all major things you should include in any security assessment,
the exact order of importance is irrelevant
Steve
More information about the NANOG
mailing list