Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: Microsoft laxed security is threat to inter net
From: John.Airey () rnib org uk
Date: Mon, 12 Jul 2004 10:32:35 +0100

-----Original Message-----
From: System Outage [mailto:system.outage () gmail com]
Sent: Friday, 09 July 2004 23:19
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Microsoft laxed security is threat to
internet


[snip]
They (Microsoft) need to start using "Auto Updating" home and small
business network's, and it doesn't matter about the critics who say
it's a breach of privacy and you have no right modifying a users
computer. At the end of the day, we are talking about the spawning of
very large bot net's owned by script kiddies, who can easily take down
internet back bones and take out key infrastructure, which the very
existence of the internet depends on.

So you are asking that Microsoft can automatically break software on users
computers? Sounds like the cure is worse than the disease.


FD or BUGTRAQ can't save us now. Only Microsoft can. Implement Auto
updating software for security patches without delay.

There's only one saviour as far as I'm concerned, and it isn't Microsoft.

I don't have much faith in Service Pack 2 (The overhaul of 
Mircosoft code).

Doesn't this contradict your earlier statement about letting Microsoft
auto-update? Unless you are doubting whether users will install it. For
users on modem links an automatic update to SP2 is out of the question.

All of these Microsoft exploits will be the death of the internet one
day, when script kiddies decide to execute the mother of all denial of
service attacks against the internet. Trust me, bot net's big enough
are paused and waiting for such a day.

Death of the Internet - Movie at 11. 

We've already seen some massive attacks on the Internet (in fact 9/11 was
probably one of the biggest in terms of the backbone traffic generated) but
it's still up. Remember the original purpose was a network with no central
command (not even in Redmond, WA). It may not be perfect in that regard, but
it's still very robust. In fact, a backhoe can probably do more damage to
the Internet than Microsoft's software.

Microsoft will have big legal costs if it can be proven a Microsoft
flaw was the main vulnerability used.

Doubtful. They already disclaim responsibility for Windows anyway. Anyone
who trusts critical infrastructure to it needs to be sacked. How ironic it
is though that many cash machines in the UK are Windows terminals.

If it were so easy to fix these problems then most of us who are employed
and reading this list would be out of work. It isn't easy, and almost every
day is a game of techie russian-roulette which does wonders for my prayer
life.

-- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey () rnib org uk 

I don't know which is worse. The makers of soap operas thinking they portray
real life or those that watch them thinking it is real life!

-- 
DISCLAIMER: 

NOTICE: The information contained in this email and any attachments is 
confidential and may be privileged. If you are not the intended 
recipient you should not use, disclose, distribute or copy any of the 
content of it or of any attachment; you are requested to notify the 
sender immediately of your receipt of the email and then to delete it 
and any attachments from your system. 

RNIB endeavours to ensure that emails and any attachments generated by 
its staff are free from viruses or other contaminants. However, it 
cannot accept any responsibility for any  such which are transmitted.
We therefore recommend you scan all attachments. 

Please note that the statements and views expressed in this email and 
any attachments are those of the author and do not necessarily represent 
those of RNIB. 

RNIB Registered Charity Number: 226227 

Website: http://www.rnib.org.uk 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
  • RE: Microsoft laxed security is threat to inter net John . Airey (Jul 12)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]