nanog mailing list archives

Re: Microsoft XP SP2 (was Re: Lazy network operators - NOT)


From: Brian Russo <brian () entropy net>
Date: Mon, 19 Apr 2004 06:27:24 -0400


At Mon, Apr 19, 2004 at 06:12:16AM -0400, Chris Brenton wrote:

> Key word here is "essentially". I've been involved with about a half
> dozen compromises that have been true zero days. Granted that's less
> than ground noise compared to what we are seeing today.

There're a lot more 0-days than that. They just tend to remain 
within a smaller community (typically the ones who discover it) and are 
used carefully/intelligently for compromises, often for a very long 
time. Then it gets leaked by someone and released into the wild/script 
kiddie community or someone else discovers it...

(more for benefit of others than a response to you)

> Also, don't underestimate a person's ability to shoot themselves in the
> foot. Windows 2003 server, out of the box, is technically one of the
> most secure operating systems out there because it ships with no open
> listening ports. Based on the auditing I've done however, it ends up
> being deployed even less secure than 2000 because a lot of admins end up
> doing the "turn everything on to get it working" thing. An uneducated
> end user is not something you can fix with a service pack.

Agreed, and even conscientious users screw up. I did this some months 
ago when installing MS SQL Server Desktop Engine from a third-party CD 
(packaged with software). This was well after the whole Slammer affair, 
memories fade and I didn't stop to realize they used the same 
codebase.... (oops)

 - bri

