[dba-SQLServer] Windows Secrets: The Sorry Tale of the (un)Secure Sockets Layer

Alan Lawhon lawhonac at hiwaay.net
Sun Sep 18 15:25:08 CDT 2011


Mark:

I have a hardware router, (the "Zoom X5" Model 5654 ADSL supplied by my
ISP), AVG Internet Security, (including AVG firewall and all the other
features that come with the AVG Internet Security Suite), along with
AnteSpam email filtering provided by my ISP.  (I don't know this for sure,
but I think there might be a hardware firewall implemented in my router
which blocks any "bad stuff" before it gets to my browser.  If that's the
case, then I actually have two [separate] firewalls protecting me.)  I also
have automatic updates enabled for Windows Update.  (I suppose all this
makes me very "security conscious" with my PC.)  In addition, I'm very
careful about downloading "ActiveX" components - most of the time I refuse
them when I'm prompted.  Not sure if that's "smart" or not, but I'm being
ultra cautious about downloads.

I recall getting some type of virus from an email attachment that I
foolishly clicked on many years ago.  Getting that virus (or whatever it
was) off of my system was a nightmare.  That experience greatly
intensified my security awareness.

I have gone ahead and changed my Hosts file to read only.  With all the
other security I have implemented, setting the Hosts file to RO may be
overkill, but the harder I make it for a hacker to get into my computer, the
better.  I hope the odds of me being the victim of a hacker are [at least]
99:1 against.

Alan C. Lawhon
    
-----Original Message-----
From: dba-sqlserver-bounces at databaseadvisors.com
[mailto:dba-sqlserver-bounces at databaseadvisors.com] On Behalf Of Mark Breen
Sent: Sunday, September 18, 2011 10:19 AM
To: Discussion concerning MS SQL Server
Subject: Re: [dba-SQLServer] Windows Secrets: The Sorry Tale of the
(un)Secure Sockets Layer

Hello Stuart

Is this your command on your shortcut?

C:\Windows\system32\notepad.exe C:\Windows\System32\drivers\etc\hosts

Me too.

Hello Alan,

You could do that, but my opinion is that if someone gets to your hosts file
and wants to change it you have so many problems that your hosts file being
RO is not going to make a difference anyway.  I would suggest instead to run
like hell.

Mark


On 17 September 2011 22:18, Stuart McLachlan <stuart at lexacorp.com.pg> wrote:

> As a general rule, an RO hosts file makes sense. Very few people ever need
> special entries in it.
>
> OTOH, I have a shortcut to mine in a folder on my desktop because I edit
> it quite often,
>
> --
> Stuart
>
> On 17 Sep 2011 at 10:39, Alan Lawhon wrote:
>
> >
> > http://windowssecrets.com/top-story/the-sorry-tale-of-the-unsecure-sockets-layer/
> >
> >    http://tinyurl.com/3z9awxj
> >
> >
> >
> > This is a follow-up article to the story concerning corrupted root
> > certificates which I posted last week.  Microsoft issued an
> > out-of-cycle security patch to eliminate the source of the phony
> > certificates, (i.e. DigiNotar), and remove the threat to users of
> > Internet Explorer and other browsers.
> >
> > Since more than 99 percent of the potential "victims" of this security
> > breach were located over in Iran, Woody Leonhard seems to be implying
> > that this may be a case of the Government of Iran eavesdropping on its
> > citizens; thus there is little (if any) chance of this breach
> > adversely affecting users outside of Iran - like us.  Still, his
> > analysis of the "lax process" by which root certificates are issued is
> > illuminating.
> >
> > At the end of his article, Woody recommends that users consider
> > modifying their "Hosts" file (to read only) in order to "lock" their
> > system and prevent man-in-the-middle attacks and other
> > security-related vulnerabilities.  Before I modify a system file, I
> > want to check with the experts on here.  Are most of you in agreement
> > that changing your "Hosts" file (to read only) is a good idea?  (I
> > wonder why Microsoft doesn't make the "Hosts" file read only by
> > default?)
> >
> > Alan C. Lawhon
> >
> >
> >
> >
> >
> > _______________________________________________
> > dba-SQLServer mailing list
> > dba-SQLServer at databaseadvisors.com
> > http://databaseadvisors.com/mailman/listinfo/dba-sqlserver
> > http://www.databaseadvisors.com
> >
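Added example, not part of any message in this thread: a Python sketch of the trade-off discussed above, showing that the read-only flag on a hosts file can be cleared by any account allowed to write to it, while a stored hash and an entry audit still notice the change. The sample hosts content, the names `ads.example` and `login.example`, and the address `203.0.113.10` are constructed placeholders; the demo works on a temporary copy, not the real hosts file.

```python
import hashlib, ipaddress, os, stat, tempfile

# Constructed sample hosts content; names and addresses are placeholders.
SAMPLE = """# sample hosts file
127.0.0.1   localhost
::1         localhost
0.0.0.0     ads.example        # common blocklist style entry
"""
ADDED = "203.0.113.10  login.example\n"   # constructed unexpected entry

def audit_hosts(text):
    """Return (line_no, ip, names) for entries that point a name at a non-loopback address."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue                      # blank line or comment
        try:
            addr = ipaddress.ip_address(fields[0])
            benign = addr.is_loopback or addr.is_unspecified
        except ValueError:
            benign = False                # malformed address is worth a look
        if not benign:
            findings.append((n, fields[0], fields[1:]))
    return findings

def is_read_only(path):
    return not (os.stat(path).st_mode & stat.S_IWRITE)

def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def demo():
    """Show that the read-only flag does not stop a writer, while a hash baseline notices."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "hosts")
        with open(path, "w") as f:
            f.write(SAMPLE)
        os.chmod(path, stat.S_IREAD)              # same effect as ticking "Read-only"
        baseline, locked = sha256_of(path), is_read_only(path)
        os.chmod(path, stat.S_IREAD | stat.S_IWRITE)   # any account that may write can undo it
        with open(path, "a") as f:
            f.write(ADDED)
        with open(path) as f:
            findings = audit_hosts(f.read())
        return locked, sha256_of(path) != baseline, findings

if __name__ == "__main__":
    print(demo())
```

To audit a real machine, pass the contents of `C:\Windows\System32\drivers\etc\hosts` to `audit_hosts` and compare `sha256_of` against a hash recorded while the file was known to be good.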