Full Disclosure mailing list archives
Re: Anti-MS drivel
From: Ron DuFresne <dufresne () winternet com>
Date: Tue, 20 Jan 2004 12:23:00 -0600 (CST)
On Sun, 18 Jan 2004, yossarian wrote: [SNIP]
I checked the flaws reported the last week - and yes I read many many lists, some 250 mails per day - and the only thing getting close to software used in bigger environments is this BEA thingie 5 days ago. Yeah, and I quote: "a weakness in BEA WebLogic Server and Express allowing malicious people to see a password when it is entered - it is echoed to the screen when using ANT". So what? Looking at a keyboard is easier. And stuff like BEA, or any J2EE for that matter, are just emerging on the periphery, and have still a long way to go. The security industry is primarily focussed on what is happening in small computing or the internet, and these discussions here just mirror this narrowness. Alas, yet true. This is also an explanation for the lack of legal claims - one of many, I know that - against MS for the vulnerable software, it rarely hurts the bigger companies that can afford the legal costs. And yes, you guys can give me a lot of examples of companies hit over the years. So can I. But think again, there are a lot of big companies out there. Do they all keep silent? You think they can?
Actually BEA weblogic trinkets fit right into the middle of the core infrastructure and so blend their threats into the whole set/suite of applications they are bound to, like in our case, authentication. Makes their trinkets more than periphery...my employer also fits not the small business model, tends towards the large end really.

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D. Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html