Re: Ten least secure programs

From: Ansgar Wiechers <bugtraq(at)planetcobalt.net>
Date: Tue Jul 01 2003 - 04:52:23 EDT

I'm not sure if this discussion will be productive in any way, since you seem to concentrate too much on the software and ignore layer 8, which is (IMHO) the major problem. But anyway, here you go:

On 2003-06-28 Chris Berry wrote:
> I'm putting together a list of what seem to be the ten least secure

I'm not sure if this discussion will be productive in any way, since you seem to concentrate too much on the software and ignore layer 8, which is (IMHO) the major problem. But anyway, here we go:

> 1) Microsoft Outlook

I beg to differ on this one. Outlook is a groupware client and is therefore *designed* to be insecure. It's a behaviour I would expect from a groupware client. Of course one should *not* use Outlook as an internet mail client (at least not without taking further precautions). Also I would like to mention that AFAIR all vulnerabilities in Outlook are vulnerabilities of the Internet Explorer (which I suggest to put on this list instead).

> 2) Telnet
> 3) Sendmail

You might want to add FTP in general and BIND (at least earlier than version 9) here.

Regards
Ansgar Wiechers

---

Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare.      

Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance.           

Visit us at: http://www.neoteris.com/promos/sf-6-9.htm

---

Received on Wed Jul 2 13:08:30 2003