WashingtonPost computer security stories

Stephen J. Wilcox steve at telecomplete.co.uk
Tue Aug 17 09:46:27 UTC 2004


On Sun, 15 Aug 2004, Mikael Abrahamsson wrote:

> As far as I know, there is no remotely exploitable hole in windows that
> doesn't have a patch for it, nothing majorly in the wild anyway. I run my
> fully patched XP laptop without firewall directly connected to the
> internet all the time and the above you mention doesn't happen to me.

i'm sure there are plenty, and not just in windows. just because you don't know 
about them or there's nothing published doesn't mean it doesn't exist. the hole 
used by sapphire didn't 'exist' until sapphire infected all the open windows 
boxes within a couple hours.

even with your firewall you're not safe, stuff can get through if you either 
allow it with a listening port (e.g. webserver) or by malicious trojan data (e.g. 
javascript embedded in webpage, crafted response to dns/ping/snmp/ssh/whatever).

> Bad hardware and application software cause a lot more problems than 
> the operating system itself. 

i think they're all major things you should include in any security assessment, 
the exact order of importance is irrelevant

Steve



