|
|
BugTraq
Windows Server 2003 Security Guide available Apr 25 2003 04:35AM Michael Howard (mikehow microsoft com) (1 replies) RE: Windows Server 2003 Security Guide available Apr 25 2003 09:27PM Jason Coombs (jasonc science org) (2 replies) RE: Windows Server 2003 Security Guide available Apr 29 2003 05:52AM Frank Knobbe (fknobbe knobbeits com) (1 replies) RE: Windows Server 2003 Security Guide available Apr 29 2003 07:49AM Jason Coombs (jasonc science org) |
|
Privacy Statement |
> For all the progress Microsoft has made lately in understanding
> security, it's the simple things that most of us take for granted as
> obvious that still get overlooked for some reason.
> Microsoft does not distribute these guides using SSL, so the distribution is
> vulnerable to MITM attacks.
Indeed.
> Anyone interested in downloading these guides must be aware that
> they are distributed by Microsoft in the form of self-extracting
> .exe's bearing digital signatures embedded in the Portable
> Executable file's header section.
Just out of curiosity (I have no Windows systems, but anyway...) I
downloaded the .exe and was able to unpack it under Linux using
"unzip". So if you want to examine this file more-or-less securely,
open it on a UNIX or Linux box instead of Windows.
What I found interesting is that some of the documentation is in
Microsoft Word or MS Excel format. This implies that to take full
advantage of the information, you need to own an MS Office license.
Is this another example of abuse of monopoly? For that matter, are .doc
or .xls documents necessarily safer than .exe's? You decide...
--
David.
[ reply ]