What about if the ISPs, the backbone providers, or whoever buys this filtering software at $x million dollars, but charge a penalty payment of, say, $100 for every page let through when it shouldn't be, or not let through when it should be.
If no company accepts this, then the ISPs, by putting out this tender without getting responses, have undertaken the reasonable means requires.
If they _do_ get a response, the company they bought it from would go broke in about two weeks.
Who wants to go searching for things to break this system (Everything from Dick Smith electronics, to pages in other languages..., SSL, etc)
Well, the ITSEC webpage (which lists NT 4 as "In evaluation", notes that it is only evaluating NT, without SMS, Exchange, MSMail, RAS, and Clipboard Viewer. What does MS know about the clipboard that we don't...
I tested it on an NT4 SP4 Workstation I have here. If you place the executable in a directory which you can write to (such as the desktop, or the many worls-writable directories mentioend above), it gives you membership of the local administrator group. Its then possible to use l0phtcrack to get the local administrator password, or to use the samba team's pwdump to get the list and run l0phtcrack offline. If its the same as the domain admin password.....
Slashdot Mirror
What about if the ISPs, the backbone providers, or whoever buys this filtering software at $x million dollars, but charge a penalty payment of, say, $100 for every page let through when it shouldn't be, or not let through when it should be.
If no company accepts this, then the ISPs, by putting out this tender without getting responses, have undertaken the reasonable means requires.
If they _do_ get a response, the company they bought it from would go broke in about two weeks.
Who wants to go searching for things to break this system (Everything from Dick Smith electronics, to pages in other languages..., SSL, etc)
Note that their footnote for this contains a link to http://www.lwn.net
< sarcasm >
Could it be because lwn has a security section each week, and Microsoft almost never announces security problems?
< /sarcasm >
Seriously though, did SP5 fix bugs such as the case-sensitivity bug? And if it did, did Microsoft tell anyone? did they ever admit that it was a bug?
Well, the ITSEC webpage (which lists NT 4 as "In evaluation", notes that it is only evaluating NT, without SMS, Exchange, MSMail, RAS, and Clipboard Viewer. What does MS know about the clipboard that we don't...
I tested it on an NT4 SP4 Workstation I have here. If you place the executable in a directory which you can write to (such as the desktop, or the many worls-writable directories mentioend above), it gives you membership of the local administrator group. Its then possible to use l0phtcrack to get the local administrator password, or to use the samba team's pwdump to get the list and run l0phtcrack offline. If its the same as the domain admin password.....
Most of Microsoft's pages give that with lynx. Probably can't handle not being able to do Javascript :P