funsec mailing list archives

Re: [off-list] Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases


From: Valdis.Kletnieks () vt edu
Date: Thu, 28 Jun 2007 18:08:12 -0400

On Thu, 28 Jun 2007 12:52:09 CDT, Dennis Henderson said:

Did you have to take a week of training to get it to that reasonably safe
level? I doubt it. I know you're a very smart guy, but the skill it takes to
get XPSP2 IE7 

I wouldn't know.  I don't swing the Microsoft way.

Probably took well over a week of effort to get to a reasonably safe level -
but that was because I was busy helping *develop* that level of code and BCPs.
Sure, "make sure your network doesn't answer pings to the broadcast address"
is a no-brainer *now* - 7 and 8 years ago it was a fight to get it onto
people's radar.

http://www.sans.org/dosstep/roadmap.php?ref=3801

Yeah, you read that *now* and go "No Shit, Sherlock".  But note that (a) back
in 2001, the suggestions were deployed rarely enough that we had to make them,
and (b) there's *still* sites that haven't gotten the memo.

http://momo.lcs.mit.edu/spoofer/summary.php is *still* reporting that a lot of
the Internet is doing a piss-poor job of ingress filtering.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
