On Sun, Jun 05, 2005 at 10:25:39PM -0400, Steve Shockley wrote:
> Mark Uemura wrote:
> Remote access: Windows' built-in Remote Desktop is included with the OS,
> you don't need OpenBSD for that. You couldn't do that over your Intel
> VPN? Remote Desktop is potentially vulnerable to MITM, but it's
> probably more secure than an external web site like GoToMyPC.
>
> VPN: Why the hell does everyone hate the included Microsoft VPN? If you
> run an MS shop, it's easy and cheap. That uses IPsec, ISAKMP and PKI.
> It also has features to quarantine Windows clients that don't meet your
> criteria for system security.

To start with http://www.schneier.com/pptp.html and also because I for
one don't trust *any* security related code that I can't get the source
for. I think I'm not alone here by any means.

>
> (Yes, the MS PPTP protocol had some weaknesses, but that was 1998.
> That'd be like avoiding OpenSSH because the SSH 1.0 protocol had some
> weaknesses.)

No. It would be like SSH having well documented fundamental flaws and
then a group with a reputation for producing bad code told us that they
were all fixed but not letting us look at the code telling us that they
are fixed.

Fact of the matter is we can look at the OpenSSH code and see if the
problems that we know about are fixed or not. You can't do that with
closed source. So do you really want to trust your data going over a
public network to a vendor with Microsoft's rep for getting crypto and
security wrong? I sure as hell know I don't want to.

--
BOFH excuse #99: SIMM crosstalk.