Hosting Provided By

Re: Ten least secure programs

From: Ansgar Wiechers <bugtraq(at)planetcobalt.net>
Date: Thu Jul 03 2003 - 04:11:54 EDT

On 2003-07-02 Tim Greer wrote:
>
> ----- Original Message -----

I apologize if I didn't make clear enough what I meant by saying "designed to be insecure". I will try to be more precise this time.

Outlook is a groupware client and as such is (or at least should be) designed to enhance productivity, not security. In a groupware environment a user *should* be able to open documents from within the message. Macros *should* be able to access the address book or other components e.g. word processor or spreadsheet (so you can automate tasks). You *should* be able to use HTML or something else for formating in messages. You *should* be able to access global address books and access the data of co-workers (e.g. to assign tasks to them or to plan meetings).
None of the above apply to internet mail.

A groupware environment is much more trusted than the internet, so you should check every single bit that goes into your groupware environment and maybe every single bit that leaves it, but you should not check every bit circling inside it.

And to repeat that again: virtually all security holes in Outlook (as well as in Outlook Express) are holes in Internet Explorer, which is the real culprit (at least IMO). No, I don't count layer 8 security breaches here.

> > > 2) Telnet

Tunneling isn't the point, as ist would apply to telnet as well, and neither tunnels nor sftp come out of the box when you install an ftpd. And why would you want your users to use FTP clients when scp (or sftp) could be used instead?

Do you need help?

Regards
Ansgar Wiechers

Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare.

Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance.

Visit us at: http://www.neoteris.com/promos/sf-6-9.htm

Received on Thu Jul 3 20:12:36 2003

This message: [ Message body ]
Next message: exon: "Re: Question for you all"
Previous message: Robert Sieber: "RE: Security issue in Windows 2000?"
In reply to Tim Greer: "Re: Ten least secure programs"
Next in thread: Tim Greer: "Re: Ten least secure programs"
Reply: Tim Greer: "Re: Ten least secure programs"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:05:32 EDT