[59164] in North American Network Operators' Group


RE: Mobile code security (was Re: rr style scanning of non-customers)

daemon@ATHENA.MIT.EDU (Herb Leong)
Mon Jun 16 20:58:20 2003

Date: Mon, 16 Jun 2003 18:00:17 -0700
From: Herb Leong <herb@urusei.net>
To: wsimpson@greendragon.com, nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu


 > As far as I could tell, the vector was AOL IM.  So, it's not only M$
 > and outlook.  Why oh why are vendors shipping with defaults like no
 > restrictions on "buddy" downloads and execution?

Hiya,

The same reason why some Linux installs were/are totally open:
They wanted it to work outta the box.  It's viewed that it's better
to have your product widely in use and insecure (so now the user has
to come back and pay you or someone else for security--or take care
of it themselves) than to have it secure from the get-go and not
used much because it is too much of a PITA to get up and running...

/herb

