[dba-SQLServer] Windows Secrets: The Sorry Tale of the (un)Secure Sockets Layer

Stuart McLachlan stuart at lexacorp.com.pg
Sat Sep 17 16:18:12 CDT 2011


As a general rule, an RO hosts file makes sense. Very few people ever need special entries 
in it.  

OTOH, I have a shortcut to mine in a folder on my desktop because I edit it quite often.

-- 
Stuart

On 17 Sep 2011 at 10:39, Alan Lawhon wrote:

> 
> http://windowssecrets.com/top-story/the-sorry-tale-of-the-unsecure-sockets-layer/
> 
>    http://tinyurl.com/3z9awxj
> 
> 
> 
> This is a follow-up article to the story concerning corrupted root
> certificates which I posted last week.  Microsoft issued an
> out-of-cycle security patch to eliminate the source of the phony
> certificates, (i.e. DigiNotar), and remove the threat to users of
> Internet Explorer and other browsers.
> 
> Since greater than 99 percent of the potential "victims" of this security
> breach were located over in Iran, Woody Leonhard seems to be implying
> that this may be a case of the Government of Iran eavesdropping on its
> citizens; thus there is little (if any) chance of this breach
> adversely affecting users outside of Iran - like us.  Still, his
> analysis of the "lax process" by which root certificates are issued is
> illuminating.
> 
> At the end of his article, Woody recommends that users consider
> modifying their "Hosts" file (to read only) in order to "lock" their
> system and prevent man-in-the-middle attacks and other
> security-related vulnerabilities.  Before I modify a system file, I
> want to check with the experts on here.  Are most of you in agreement
> that changing your "Hosts" file (to read only) is a good idea?  (I
> wonder why Microsoft doesn't make the "Hosts" file read only by
> default?)
> 
> Alan C. Lawhon