[WEB SECURITY] honeymonkeys, client honeypots

Tom P Kroll TKroll at HINSHAWLAW.COM
Thu May 19 21:33:29 EDT 2005


MS should be spending its resources pro-actively
working on fundamentally more secure OS and application designs.
As I understand it MS is exposing a select number of machines to high risk 
sites to determine how the latest attacks work.  The information gained is 
used for patches and, I'm sure, to help write tighter code for future 
software releases.  This sounds very pro-active to me. 

 ...this implies that micky$loth actually believes that I.E./Windows 
security is such a lost cause that it's actually _easier_ to trawl (albeit 
automatically) through the vast expanse of the web instead!
I do not agree that this implies MS believes I.E. is a lost cause.  This 
is one of many efforts being made by Microsoft in the continuing effort to 
secure our systems.   Many companies are working hard in this effort and I 
applaud all of them. 

Tom Kroll
Hinshaw & Culbertson LLP
Network Systems & Security Administrator
312 704 3345






Skip Carter <skip at taygeta.com> 
05/19/2005 07:32 PM

To
websecurity at webappsec.org
cc
simon.roberts at earthlink.net
Subject
Re: [WEB SECURITY] honeymonkeys, client honeypots







> What appears to be most interesting to me, is that this implies that
> micky$loth actually believes that I.E./Windows security is such a lost
> cause that it's actually _easier_ to trawl (albeit automatically)
> through the vast expanse of the web instead! Good grief, what a
> confession that makes.

I wholeheartedly agree.  MS should be spending its resources pro-actively
working on fundamentally more secure OS and application designs.
It should leave the trolling for whats already out there to
Anti-virus/worm and other security organizations.



Skip



-- 
 Dr. Everett (Skip) Carter           Phone: 831-641-0645 FAX: 831-641-0647
 Taygeta Network Security Services   email: skip at taygeta.net
 1340 Munras Ave., Suite 314         WWW: http://www.taygeta.net/
 Monterey, CA. 93940 












---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20050519/b8b95806/attachment.html>


More information about the websecurity mailing list