On Wed, Jul 9, 2014 at 2:23 PM, Ted Mittelstaedt <t...@ipinc.net> wrote:
>
> First of all why do people insist on hiding names of companies that
> do stuff like this? It just makes it look like your manufacturing
> an event that doesn't exist, it destroys your credibility.
>
You mean besides NDAs and policies that at the very least might
cause those people to be fired by their employers? If you ever went to
a defcon open presentation, they do their best not to divulge the
names of involved parties.
> Secondly, if you think that this is an example of "badness" on Windows
> security best practices you simply have not seen Windows deployed in
> 90% of production networks out there. This is NOTHING compared to S.O.P. on
> most Windows setups.
>
> Imagine MS-DOS/LanManager network security model of 30 years ago. Now
> imagine Windows networks today in the vast majority of production installs.
>
> NO EFFING DIFFERENCE!!!!!!!!!
>
> Ted
>
>
> PS: Naturally there will be some Windows-kool-aid drinker who is going
> to angrily reply to this post claiming Windows is secure if people just
> followed Microsoft's directions.....
>
>
>
> On 7/9/2014 11:06 AM, David F. Skoll wrote:
>>
>> On Wed, 09 Jul 2014 05:44:34 +0200
>> Karsten Bräckelmann<guent...@rudersport.de> wrote:
>>
>>> If you deliberately try to sneak past sensible security measures, you
>>> should not be surprised to be blocked. The attempt by an honest user
>>> to disguise any $file (he did it on purpose, so he knows there's
>>> issues with that) is in no way better than a dis-honest user
>>> disguising a file.
>>
>>
>> Since implementing this rule, I have been *shocked* to discover that a
>> large data processing company (name hidden to protect the guilty)
>> sends out information about credit-card processing in the form of
>> obfuscated Microsoft Windows executable files!!! (They're renamed to
>> end in ".ex" instead of ".exe") I tried running one of these files inside
>> Wine. It's a "PGP Self Decrypting Archive" that asks for a passphrase.
>>
>> The mind boggles! *THIS* is the state of Windows "security" best
>> practices?
>>
>> Regards,
>>
>> David.
>
>
> ---
> This email is free from viruses and malware because avast! Antivirus
> protection is active.
> http://www.avast.com
>
