First of all why do people insist on hiding names of companies that
do stuff like this? It just makes it look like your manufacturing
an event that doesn't exist, it destroys your credibility.
Secondly, if you think that this is an example of "badness" on Windows
security best practices you simply have not seen Windows deployed in
90% of production networks out there. This is NOTHING compared to
S.O.P. on most Windows setups.
Imagine MS-DOS/LanManager network security model of 30 years ago. Now
imagine Windows networks today in the vast majority of production installs.
NO EFFING DIFFERENCE!!!!!!!!!
Ted
PS: Naturally there will be some Windows-kool-aid drinker who is going
to angrily reply to this post claiming Windows is secure if people just
followed Microsoft's directions.....
On 7/9/2014 11:06 AM, David F. Skoll wrote:
On Wed, 09 Jul 2014 05:44:34 +0200
Karsten Bräckelmann<guent...@rudersport.de> wrote:
If you deliberately try to sneak past sensible security measures, you
should not be surprised to be blocked. The attempt by an honest user
to disguise any $file (he did it on purpose, so he knows there's
issues with that) is in no way better than a dis-honest user
disguising a file.
Since implementing this rule, I have been *shocked* to discover that a
large data processing company (name hidden to protect the guilty)
sends out information about credit-card processing in the form of
obfuscated Microsoft Windows executable files!!! (They're renamed to
end in ".ex" instead of ".exe") I tried running one of these files inside
Wine. It's a "PGP Self Decrypting Archive" that asks for a passphrase.
The mind boggles! *THIS* is the state of Windows "security" best practices?
Regards,
David.
---
This email is free from viruses and malware because avast! Antivirus protection
is active.
http://www.avast.com
