Security Basics mailing list archives
RE: Ten least secure programs
From: "Depp, Dennis M." <deppdm () ornl gov>
Date: Tue, 01 Jul 2003 07:44:22 -0400
Chris, I think you left off the biggest security leak at Microsoft, namely Internet Explorer (any version). I also think you should be more precise with Outlook. Outlook XP is reasonably secure as is Outlook 2000 with the security update. If you are looking for products with inheirent design flaws, then I don't think IIS should be included. IIS can be secured. Its problem is Microsoft installs everything by default which makes it unsecure. I think you should also include FTP and NFS in your list. Denny
-----Original Message----- From: Chris Berry [mailto:compjma () hotmail com] Sent: Saturday, June 28, 2003 6:09 PM To: oclug () oclug org; windows2000 () freelists org; security-basics () securityfocus com I'm putting together a list of what seem to be the ten least secure computer items in use today with the idea of having a set of things to recommend AGAINST people using, probably to be posted on the IT room door with a note like "NO, you cannot use the following!!". Here is what I have so far, I'm looking for additions and comments. The list is in order from with the worst offender being number one. These should be products whose inheirent design is flawed, not that are just difficult to secure. I expect vigorous discussion. *putting on flame retardent garments* Oh, and leave Operating systems out of this one. 1) Microsoft Outlook 2) Telnet 3) Sendmail 4) IIS Server 5) Wireless networking 6) PHP 7) ? 8) ? 9) ? 10) ? Chris Berry compjma () hotmail com Systems Administrator JM Associates "Within every man beats a heart of darkness." --The Shadow _________________________________________________________________ Help STOP SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail -------------------------------------------------------------- ------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm -------------------------------------------------------------- --------------
--------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
Current thread:
- Re: Ten least secure programs Patrick Boucher (Jul 02)
- <Possible follow-ups>
- RE: Ten least secure programs Paul Kurczaba (Jul 02)
- Re: Ten least secure programs Chris Berry (Jul 02)
- Re: Ten least secure programs Roger A. Grimes (Jul 02)
- Re: Ten least secure programs compguruman (Jul 02)
- Re: Ten least secure programs Chris Berry (Jul 02)
- Re: Ten least secure programs Chris Berry (Jul 02)
- Re: Ten least secure programs Richard Bennett (Jul 02)
- Re: Ten least secure programs Mitch Pirtle (Jul 02)
- Re: Ten least secure programs vh (Jul 02)
- RE: Ten least secure programs Depp, Dennis M. (Jul 02)
- RE: Ten least secure programs Chris Alliey (Jul 02)
- RE: Ten least secure programs Graham, Randy (RAW) (Jul 02)
- RE: Ten least secure programs Chris Berry (Jul 02)
- Re: Ten least secure programs Dan Duplito (Jul 02)
- Re: Ten least secure programs Vic Parat (NSS) (Jul 02)
- Re: Ten least secure programs David Nichols (Jul 02)
- RE: Ten least secure programs Chris Berry (Jul 02)
- RE: Ten least secure programs Chris Berry (Jul 02)
- Re: Ten least secure programs Steve Bremer (Jul 02)
- Re: Ten least secure programs Chris Berry (Jul 02)
(Thread continues...)