Secure by Default

Threat level definition

Secure by Default
Tim Mullen, 2003-04-27

With Windows Server 2003, Microsoft has finally produced an operating system that isn't begging to be hacked on the first boot.

Expand all | Post comment

Secure by Default - oh boy, here we go again. 2003-04-28
Anonymous

Secure by Default - READ BEFORE YOU POST. 2003-04-28
Anonymous (2 replies)

Secure by Default - READ BEFORE YOU POST. 2003-04-28
Anonymous (1 replies)

Secure by Default - READ BEFORE YOU POST. 2003-04-29
Anonymous (2 replies)

Yawn. Another "I'm more geeky than you" pissing contest. (N/T) 2003-04-30
Anonymous

Secure by Default - READ BEFORE YOU POST. 2003-04-30
Anonymous (2 replies)

Secure by Default - READ BEFORE YOU POST. 2003-05-01
Anonymous (3 replies)

Secure by Default - READ BEFORE YOU POST. 2003-05-02
Anonymous

Secure by Default - READ BEFORE YOU POST. 2003-05-02
Penguinisto (1 replies)

Secure by Default - Learn something (before you reply again). 2003-05-06
Anonymous (1 replies)

Oh puh-leeze - you have to resort to sematics games? 2003-05-08
Penguinisto

Secure by Default - READ BEFORE YOU POST. 2003-05-03
Anonymous

Secure by Default - READ BEFORE YOU POST. 2003-05-06
Anonymous

Secure by Default - READ BEFORE YOU POST. 2003-04-30
Anonymous

Secure by Default, Insecure by Birth 2003-04-28
Drek Software Inc. (2 replies)

What? Say 60 days from release into the public domain and we'll have our first major vulnerability reported. Probabaly less. The problem is illustrated by the author of this article. That is the vendor's equal inability to accept the fact that they simply cannot make secure products. It cannot by done. You can take a person with a terrible voice and train them for 100 years and they will never be a singer. As with the author of this article, he finds it necessary to dilute the seriousness of the issue by always pointing elsewhere..."look at Solaris....look at AT&T..." It is this self-defeating mindset which contributes to the insecure products produced by this vendor. For a more accurate interpretation of this "new" system look here:

http://www.infosecuritymag.com/2003/apr/cover.shtml

http://www.infosecuritymag.com/2003/apr/lockdown.shtml

"Microsoft made a major architectural change to IIS to improve its performance. The logic responsible for initial processing of HTTP requests was moved out of IIS, which runs in user mode, to a kernel-mode component called http.sys. Code runs faster in kernel mode. But this could also be disastrous if the code falls victim to a buffer overflow, since kernel mode operates at a much higher privilege level."

60 days and counting...

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/157/19605#19605

Secure by Default, Insecure by Birth 2003-04-28
Anonymous

Secure by Default, Insecure by Birth 2003-05-03
Anonymous (2 replies)

Secure by Default, Insecure by Birth 2003-05-05
Anonymous

Secure by Default, Insecure by Birth 2003-05-06
Anonymous

Secure by Default 2003-04-28
alexbal

Secure by Default 2003-04-28
Anonymous

Secure by Default 2003-04-28
xenophi1e <oliver.lavery@sympatico.ca> (1 replies)

It's partly real, but partly a PR thing 2003-04-30
Anonymous

Well, I'll give you this much, Timster... 2003-04-28
Penguinisto (4 replies)

Well, I'll give you this much, Timster... 2003-04-28
Anonymous (6 replies)

Well, I'll give you this much, Timster... 2003-04-29
Anonymous (2 replies)

Well, I'll give you this much, Timster... 2003-04-29
Penguinisto (1 replies)

Well, I'll give you this much, Timster... 2003-05-03
Anonymous (1 replies)

Well, I'll give you this much, Timster... 2003-05-05
Penguinisto

Well, I'll give you this much, Timster... 2003-04-29
Anonymous

Well, I'll give you this much, Timster... 2003-04-29
Anonymous

Well, I'll give you this much, Timster... 2003-04-29
xenophi1e <oliver.lavery@sympatico.ca>

Well, I'll give you this much, Timster... 2003-04-29
Anonymous

Well, I'll give you this much, Timster... 2003-04-29
Penguinisto

Well, I'll give you this much, Timster... 2003-04-29
Anonymous

Well, I'll give you this much, Timster... 2003-04-29
Anonymous (2 replies)

Zealotry comes in all forms. 2003-04-29
matt@beatlab.org (2 replies)

Zealotry comes in all forms. 2003-04-29
blacklight (1 replies)

Zealotry comes in all forms. 2003-05-02
Penguinisto

Zealotry comes in all forms. 2003-05-06
Noran Rad

Well, I'll give you this much, Timster... 2003-04-29
Anonymous

Well, I'll give you this much, Timster... 2003-04-30
Anonymous (1 replies)

Well, I'll give you this much, Timster... 2003-05-02
Penguinisto

Well, I'll give you this much, Timster... 2003-05-03
Anonymous

Secure by Default 2003-04-29
blacklight

Secure by Default (Pathetic) 2003-04-29
Anonymous (3 replies)

Secure by Default (Pathetic) 2003-04-30
Th. Klein

Opinionated by Default (Pathetic) 2003-04-30
Bruce

Secure by Default (Pathetic) 2003-05-02
blacklight (2 replies)

Secure by Default (Pathetic) 2003-05-02
Anonymous

Secure by Default (Pathetic) 2003-05-03
Anonymous

Secure by Default 2003-04-29
Anonymous (1 replies)

Secure by Default 2003-04-29
Doug Sibley (3 replies)

Secure by Default 2003-04-29
Anonymous

Secure by Default 2003-04-30
Anonymous

Secure by Default 2003-05-03
Anonymous

Secure by Default 2003-04-29
Anonymous (1 replies)

Secure by Default 2003-05-01
Anonymous

Hrm 2003-04-30
DC0 (1 replies)

Hrm 2003-05-02
Ryan Lambert

Secure by Default 2003-05-02
Ryan Lambert

Where can I find the companion texts you cited? 2003-05-02
Jim Barrett (1 replies)

Where can I find the companion texts you cited? 2003-05-06
Anonymous

Partial list of on default default services in ws2003 2003-05-05
Anonymous (1 replies)

Partial list of on default default services in ws2003 2003-05-06
Anonymous

Privacy Statement
Copyright 2009, SecurityFocus