|FROM ||Dave Williams
|SUBJECT ||Subject: [hangout] Pass the bong dude, it's Windows hacking time!
This delightful piece of work was found on
>From "Microsoft Launches New Security Certification"
By Barbara Darrow, CRN
Microsoft clearly has something to prove when it comes to secure
computing. At a Microsoft-hosted customer panel Monday, several IT
professionals acknowledged that the perceived insecurity of Microsoft
products has caused huge problems, and it really doesn't matter to a
company CEO if the problems result from faulty software or from risky IT
"It's Microsoft's fault and it's our fault also," said Gafar Lawal,
director of architecture at Merrill Lynch. "We were vulnerable [because]
our process did not handle the number of patches. We also took very
seriously that our partner [Microsoft] had such a flaw in their code."
But Lawal and others said Microsoft is not unique in its
vulnerabilities. "We have a Linux server that has three times the
critical updates as our Windows server," he said.
Nathan Hanks, managing director at Continental Airlines, said, "All the
guys hacking Windows are Linux guys." Continental was hit hard by SQL
Slammer and "our CEO said we'd failed," Hanks said.
"We cannot have undocumented servers that are responding to anonymous
queries ... that allow buffer overruns," Hanks said. "CIOs need people
in place to figure out why port 1434 is open on publicly exposed
Lawal said all companies need to have proper processes and personnel in
place to deal with potential breaches.
He also said he was impressed with Microsoft's response to the problems.
Gordon Mangione, vice president of SQL Server, hosted a conference call
with all the affected CTOs, and within a day Microsoft was mobilizing
resources, he said. "We don't get that from Microsoft competitors,"
Lawal said. "Having said that, we said some bad words."
Having one vendor throat to choke is helpful in crisis situations, Hanks
said. An IT pro can't go to the CEO and say that a server is down, "and
hopefully some guy in Amsterdam" will get to a fix when he gets back
from the "dope house," he said.
NYLXS: New Yorker Free Software Users Scene
Fair Use -
because it's either fair use or useless....
NYLXS is a trademark of NYLXS, Inc