OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Wim Remes (wim.remesskynet.be)
Date: Thu Oct 04 2001 - 13:26:19 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    That 2nd last paragraph is a really stupid idea. Most Admins (at least the
    very few that are concerned about
    security on their network) already use programs or have developed
    techniques to push patches, etc to the
    clients. I'm certainly not gonna pay for another M$ product when I can
    handle updating of the clients with
    a simple tool like KixTart !!!! That 'new' server product will in itself be
    subject to vulnerabilities, poor programming,...
    Let's imagine that a hacker succeeds in writing a virus that masks itself as
    a MS-update, gets access
    on the Local Update Server & sits back until the MS-server decides to
    distribute it to every single client on your network...
    That'd be fun ....

    Security ain't a thing you can buy ! It is a service you provide to your
    customers, something you work on every day &
    last but not least something that should never be put back with the simple
    question "Why would anyone target me?"

    cheers,

    Wim

    -------------------------------------------------------------
    I really don't wanna hear that Texan say "Make no mistake about it..." one
    more time...
    ----- Original Message -----
    From: Arendt, Jordan ED0 <Jordan.Arendtsasked.gov.sk.ca>
    To: 'Paul L Schmehl' <paulsutdallas.edu>; Byron Kennedy
    <byronmarkettools.com>; <focus-mssecurityfocus.com>
    Sent: Thursday, October 04, 2001 6:50 PM
    Subject: RE: Microsoft Announces Strategic Technology Protection Program

    > Read the second last paragraph:
    >
    > http://www.secadministrator.com/Articles/Index.cfm?ArticleID=22751
    >
    >
    > Jordan
    >
    > -------------------------
    > <snip>
    >
    > But you're absolutely right. Updates at LAN speeds would sure be more
    > convenient, especially in a "crisis" situation. The Internet isn't always
    > "up". Our LAN is.
    >
    > <snip>
    > > needed fixes. Oww yeah, and it could provide a web front-end like
    > > windowsupdate. :) I'm sure someone besides me has thought of this. The
    > > Windowsupdate site is a great interface to point users to, but we need a
    > > local Server w/ LAN speed access.
    >