Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: .Net Satisfies Security Compliance Satistactions or Not ???

from [Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]] Network Security [Permanent Link]
Subject: Re: .Net Satisfies Security Compliance Satistactions or Not ???
Date: Sun, 30 Jul 2006 20:29:36 -0700
In this listserve... it was where someone said they talked in a SANS conference about the "Everyone" group and it's impact ... it's in regards to where the Everyone group in the 2k3 era does not include anon.

Go back in this listserve for the comment by the guy who said he went to a SANS conference where a complaint about the Everyone group was brought up in the conference.

Trevor Seward wrote: 
I apologize, I meant #2...the SANS comment.

Thanks!
Trevor


On 7/29/06 11:33 PM, "Laura A. Robinson" <larobins@bellatlantic.net> wrote:

How can I provide links to something I say doesn't exist? :-)

There are lots of guidelines out there, and there are even some relatively
well agreed-upon sets of them (Common Criteria "standards", etc.), but there
is not a specific single set of specifications that serves as a worldwide
standard. That's why I wondered to which "standards" the OP was referring.

Laura 

-----Original Message-----
From: Trevor Seward [mailto:trevor@rottdog.com]
Sent: Saturday, July 29, 2006 7:54 PM
To: larobins@bellatlantic.net; focus-ms@securityfocus.com
Subject: Re: .Net Satisfies Security Compliance Satistactions
or Not ???

Laura, not disputing your claim, but can you provide links
regarding #3?

Thanks!
Trevor


On 7/27/06 10:01 AM, "Laura A. Robinson"
<larobins@bellatlantic.net> wrote:

1. If it's not "any feud against M$", you might want to
consider not 
referring to Microsoft as "M$".

2. No offense to SANS, but even as recently as last week,
I've heard
things they've told people about MS software that were last true in
1996. I don't know if it's an endemic thing in SANS, or if
they just 
have one or two woefully uninformed people presenting for them, but
they have propagated some complete bulls**t presented as fact and
people unfortunately sometimes just swallow it up rather than
verifying for themselves whether the statements are accurate.

3. To whose "Security compliance standards" do you refer, exactly?
There is not a single set of standards out there for
anything computer
security related.

4. To what "vulnerable features" do you refer?

I'm sorry, but your post almost reads like a troll because
you don't
list a single specific question, just throw out some FUD
about the .NET framework.
If you have some actual questions, please, do ask them and you'll
undoubtedly get some well-informed responses. But what
you've written
below is unanswerable because it doesn't actually ask any
real questions.
Laura

-----Original Message-----
From: shyaam@gmail.com [mailto:shyaam@gmail.com]
Sent: Thursday, July 27, 2006 9:53 AM
To: focus-ms@securityfocus.com
Subject: .Net Satisfies Security Compliance Satistactions
or Not ???
Hey group,

I attended the SANS conference for .Net security session.
Based on some lecture's and based on my search findings at
internet
search engines, I wanted to ask if .NET cannot comply to
the Security 
compliance standards at all. Various issues involved with the
vulnerable features of .Net framework scares the hell out of the
Security Developers around the world, who are involved with .Net
framework. Did any security group consider making any updates and
releasing it to M$, has anyone contacted them yet, any progress on
fixing these issues and bringing it into compliance.


Sorry if that involved a lot of questions in a single email
:-) Was just curious to know what is going around.


Shyaam


PS: this is not any feud against M$ and I am just trying to learn
more about this. Please dont respond to this email thinking that I
belong to some anti-M$ gang, I am requesting as it has happened
before. I need more input and hence I am posting in this group.

--------------------------------------------------------------
-------------
--------------------------------------------------------------
-------------


----------------------------------------------------------------------
-----

----------------------------------------------------------------------
-----

---------------------------------------------------------------------------
---------------------------------------------------------------------------



---------------------------------------------------------------------------
---------------------------------------------------------------------------



---------------------------------------------------------------------------
---------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: MS Exchange, Kirby Boteler
Next by Date:  RE: MS Exchange, Devin Ganger
Previous by Thread:  Re: .Net Satisfies Security Compliance Satistactions or Not ???, Trevor Seward
Next by Thread:  API hooking, shyaam
Indexes:  [Date] [Thread] [Top] [All Lists]