Slashdot Mirror

← Back to Stories (view on slashdot.org)

SecurityFocus On MS Security "Hole"

Posted by timothy on from the if-you're-sitting-at-the-console dept.

friday2k writes "There is an interesting writeup at SecurityFocus that puts the latest security 'hole' in XP into perspective. It is a worthy read and should remind us all of the real issues out there." And it collects into one place much of the flak I caught after posting about the claimed security hole opened by the XP Recovery Console.

4 of 398 comments (clear)

  1. I hate to say it.. by grub · · Score: 5, Insightful


    .. but he is right about the physical security. Not long ago I walked a client several hundred km away through an OpenBSD boot via floppy so he could change his forgotten root password. I don't hear the masses screaming for Theo's head because this is possible.

    --
    Trolling is a art,
  2. Media exaggerates! Fear at Eleven! by Hubert+Q.+Gruntley · · Score: 5, Insightful

    Media organizations know they get eyeballs when their audience is afraid.

    Ignorant and afraid of terrorists? Watch Fox News.
    Ignorant and afraid of hackers? Read Wired, or WinInformant.

    Maybe we should be afraid of ignorance, instead.

    --
    Laugh at my Lisp and I keeell you.
  3. Oracle Bug Double Standard? by iCharles · · Score: 5, Insightful
    I was intrigued by the note at the bottom: Oracle having a security flaw, taking six months to fix it, and charging for the patch. I did two or three quick searches of "Older Stuff," and couldn't find an allusion to it.


    In contrast, I know SQL Slammer was reported day-of. In this case, a free patch was available six months prior to the worm. And let's face it: if the patch is available but not applied, it's not Microsoft's, Oracle's, Linus's, or any other vendor's fault--only the SysAdmin in question.


    One major difference was that SQL Slammer took out several networks, where Oracle did not have such impact.


    To \.'s credit (and I'm going mostly off memory), but big critique was on the DB admins, not on Microsoft.

  4. It all boils down to... by Anonymous Coward · · Score: 5, Insightful

    PHYSICAL SECURITY. This is the first tenet of network security. Prevent the box from being accessed by those who should have no access. This tenet, however well implemented, is absolutely useless if the baddies that mean your network harm are INDSIDE the network, which in 75% of cases is true. It's a sad-assed day indeed when your own employees are the evil that is supposedly lurking outside the firewall.