On Sat, 28 Jun 2003, Etaoin Shrdlu wrote:
Sheer, utter, mind-numbing nonsense. If it weren't for the tremendous amount of software out there that makes it EASY to take over machines (and I include every single default install of every single OS that enables anything more than port 22), if it weren't for the stunning array of folk
Heavy sigh. Unfortunately even that isn't good enough for some vendors. Yep, believe it or not, at least one vendor managed to create a buffer overflow in their IP stack which didn't require *ANY* ports to be open on the victim. If it was connected to the network with an active IP interface, that was enough. If you want complete network safety, you want wire cutters. Then you just have to worry about the traditional physical stuff like sneaker net, theft, etc. The unanswered question is what should be considered reasonable? And how much of a burden should the end-user carry?