Full Disclosure mailing list archives

Re: Anti-MS drivel

From: Ron DuFresne <dufresne () winternet com>
Date: Tue, 20 Jan 2004 12:23:00 -0600 (CST)

On Sun, 18 Jan 2004, yossarian wrote:


        [SNIP]


I checked the flaws reported the last week - and yes I read many many lists,
some 250 mails per day - and the only thing getting close to software used
in bigger environments is this BEA thingie 5 days ago. Yeah, and I quote: "a
weakness in BEA WebLogic Server and Express allowing malicious people to see
a password when it is entered {a weakness in BEA WebLogic Server and Express
allowing malicious people to see a password when it is entered - it is
echoed to the screen when using ANT". So what? Looking at a keyboard is
easier. And stuff like BEA, or any J2EE for that matter, are just emerging
on the perifery, and have still a long way to go. The security industry is
primarily focussed on what is happening in small computing or the internet,
and these discussions here just mirror this narrowness. Alas, yet true. This
is also an explanation for the lack of legal claims - one of many, I know
that - against MS for the vulnerable software, it rarely hurts the bigger
companies that can afford the legal costs. And Yes you guys can give me a
lot of examples of companies hits over the years. So can I. But think again,
there are a lot of big companies out there. Do they all keep silent? You
think they can?


Actually BEA weblogic trinkets fit right into the middle of the core
infratructure and so blend their threats into the whole set/suit of
applications they are bound to, like in our case, authentication.

Makes their trinkets more then periphery...my employer also fits not the
small business model, tends towards the large end really.

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

RE: Anti-MS drivel James Patterson Wicks (Jan 17)
- RE: Anti-MS drivel Scott Taylor (Jan 17)
  - Re: Anti-MS drivel yossarian (Jan 17)
    - RE: [inbox] Re: Anti-MS drivel Curt Purdy (Jan 18)
    - RE: [inbox] Re: Anti-MS drivel joe (Jan 18)
    - RE: [inbox] Re: Anti-MS drivel joe (Jan 18)
    - Re: [inbox] Re: Anti-MS drivel Valdis . Kletnieks (Jan 18)
    - Re: Anti-MS drivel Ron DuFresne (Jan 20)
    - Re: Anti-MS drivel Michal Zalewski (Jan 20)
    - RE: Old school applications on the Internet (was Anti-MS drivel) Bill Royds (Jan 20)
    - Re: Old school applications on the Internet(was Anti-MS drivel) Gregh (Jan 21)
    - RE: Old school applications on the Internet(was Anti-MS drivel) Steve Wray (Jan 21)
    - Re: Old school applications on the Internet(was Anti-MS drivel) Valdis . Kletnieks (Jan 22)
    - RE: Old school applications on the Internet(was Anti-MS drivel) Bill Royds (Jan 23)
    - Re: Old school applications on the Internet (was Anti-MS drivel) Nico Golde (Jan 22)
    - Re: Anti-MS drivel yossarian (Jan 20)
- Re: Anti-MS drivel Michael Gale (Jan 17)
  - Re: Anti-MS drivel Lee (Jan 18)

(Thread continues...)