Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: Re: Microsoft Coding / National Security Risk
From: madsaxon <madsaxon () direcway com>
Date: Fri, 26 Mar 2004 13:34:28 -0600

At 01:23 PM 3/26/2004 -0500, joe wrote:

I would hope the US government isn't using Windows in the way normal home
users are. And in fact having personally spoken with several folks from the
US Government and the US Military (US Army specifically which was
interesting...) in charge of this stuff this week at a conference I can
actually in fact say that they don't use Windows like normal home users.

A sample size of "several" is hardly adequate for drawing a
conclusion of this magnitude.  The fact is that there are no
universal standards for Windows installations in the US government.
There are mountains of best practices, mandates, regulations,
and policies, but none of these ensure rigid compliance. The
degree to which Windows workstations are "locked down" runs the
full spectrum, right up to 'virtually wide open.'

The US military is considerably more rigorous than the civilian
government in this regard, but even then there are systems which
have slipped through the cracks. Evidence for this is the fact that
Web defacement mirrors still occasionally contain both .gov and
.mil entries.


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]