[Dshield] Microsoft ASN.1

Chuck Lewis clewis at iquest.net
Fri Feb 13 20:02:46 GMT 2004

Excuse me Mark but this was from a tech story and it is hardly comparable to
what you say. And if it wasn't such a concern then why does SANS have a
"Windows XP: Surviving the First Day" which states:

"Since its release, a number of severe security vulnerabilities have
been discovered in Windows XP. These vulnerabilities are used by
worms and viruses, making it impossible to connect an unsecured,
unpatched system to the Internet for any amount of time without
risking exposure and infection. Users of new computers are faced
with the dilemma of being infected by these worms before being able
to download the necessary patches.
This guide will show how to install Windows XP securely, without
being infected by these worms during the patching process."

While this specifically mentions XP, it is no different than any other
versions of Windows in varying degrees...

Playing around a few years ago, I stuck a test PC running W2K Pro (that had
NOT been hardened) on to a new cable connection and was compromised in no

No offense or anything but while this isn't "the sky is falling" it is a
problem. That's why the majority of computer infected by Mydoom were said to
be home PC's...


-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
Of mark rowlands
Sent: Thursday, February 12, 2004 3:21 PM
To: General DShield Discussion List
Subject: RE: [Dshield] Microsoft ASN.1


> -----Original Message-----
> From: list-bounces at dshield.org 
> [mailto:list-bounces at dshield.org] On Behalf Of Chuck Lewis
> Sent: Thursday, February 12, 2004 8:01 PM
> To: 'General DShield Discussion List'
> Subject: RE: [Dshield] Microsoft ASN.1

> "Within the first 10 minutes of hooking up to a home 
> broadband connection you have been "found" and within the 
> next 10 minutes attacks have started against your PC". 

I love this stuff, eating fries will give you cancer, smoking
dope leads inexorably to heroin abuse and the internet is chockful
of wild eyed script kiddies that are out to get you...personally. 

Now I am not saying you shouldn't take all reasonable precautions, what
am saying is you shouldn't throw wild claims (or clams for that matter)
around.  It just makes you sound a bit on the deranged side.

I have found that a rational, calm, measured explanation of the 
cost / benefit / risk equation is far more effective in persuading, 
particularly home users, that a firewall, and the requisite effort
in learning how to deploy it, is  a worthwhile investment.

list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:

More information about the list mailing list