Your client needs to update their workstations to a better operating
system. ALL operating systems are better than Windows XP.
Right now, they are in danger of a "Zero Day" attack that can compromise
their Windows XP machines, and once a foothold in their network is
established, potentially contaminate every machine on that network, and
every network that network connects to.
With all due respect, FUD.
This claim has been made for over a year. Something like 30% of OSes were
still XP a year or so ago, and supposedly the day after MS stopped
"support" the world was going to come to an end with a massive zero-day
attack. So far, no fire to go with all the smoke.
There was one issue discovered with *IE* on Windows XP, not the OS itself,
and MS issued a patch even though XP is no longer "supported". If that
happens again, I bet they do it again.
Again, the older your OS is, the less likely it is an actual target for
real, not theoretical, malware that is actually in circulation today.
As for SSL, (https in the browser, sometimes a little padlock) all that
does is ensure that an encrypted connection exists between the two
endpoints of the client application (browser) and the destination (web
application). This simply ensures that anyone who can see that network
stream of data ("a man in the middle") cannot read the data. However, if
the browser endpoint is compromised, all the data going over that
connection could be read, monitored, stolen or altered.
SSL certificates are a form of blackmail. You pay in order to get somebody
to issue an opinion that your encryption is good. That does not mean your
encryption is not good if you don't pay to get the certificate.
Ken Dibble
www.stic-cil.org
_______________________________________________
Post Messages to: [email protected]
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message:
http://leafe.com/archives/byMID/profox/[email protected]
** All postings, unless explicitly stated otherwise, are the opinions of the
author, and do not constitute legal or medical advice. This statement is added
to the messages for those lawyers who are too stupid to see the obvious.
