Re: [NF] Clarification on web security

Author: Ted Roche

Posted: 2014-07-30 at 10:27:27

On Wed, Jul 30, 2014 at 10:25 AM, Joe Yoder <joe@wheypower.com> wrote:

>

> My client has been getting warning messages that, since they are running

> XP, their access will be cut off soon as Microsoft has dropped support for

> XP. I contacted the vendors sales rep and explained that Microsoft is

> continuing support for Server 2003 until 2015 and that by that time my

> client will have migrated to Server 2008. She was satisfied that this will

> be satisfactory.

>

Windows XP is no longer supported NOW:

http://www.microsoft.com/windows/en-us/xp/end-of-xp-support.aspx

Your client needs to update their workstations to a better operating

system. ALL operating systems are better than Windows XP.

Right now, they are in danger of a "Zero Day" attack that can compromise

their Windows XP machines, and once a foothold in their network is

established, potentially contaminate every machine on that network, and

every network that network connects to.

As for SSL, (https in the browser, sometimes a little padlock) all that

does is ensure that an encrypted connection exists between the two

endpoints of the client application (browser) and the destination (web

application). This simply ensures that anyone who can see that network

stream of data ("a man in the middle") cannot read the data. However, if

the browser endpoint is compromised, all the data going over that

connection could be read, monitored, stolen or altered.

Replace your Windows XP workstations with anything: iPads, X-Boxes,

iPhones, Android phones/tablets, Linux machines, even updated Windows

machines -- and the problem gets kicked down the road, until the next round

of updates.

Microsoft Server 2003 is also on its way out and ought to be replaced, too:

http://support.microsoft.com/lifecycle/search/default.aspx?alpha=windows+server+2003&Filter=FilterNO

Why not Server 2012? Then, you're only two years out of date. Or, again,

any other OS: OSX or Linux.

--

Ted Roche

Ted Roche & Associates, LLC

http://www.tedroche.com

--- StripMime Report -- processed MIME parts ---

multipart/alternative

text/plain (text body -- kept)

text/html

---

_______________________________________________

Post Messages to: ProFox@leafe.com

Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox

OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech

Searchable Archive: http://leafe.com/archives/search/profox

This message: http://leafe.com/archives/byMID/profox/CACW6n4vvmyV9UCY2F11hgPNHVvtFvhqrYyfRD4KdG3ZGiEpqmQ@mail.gmail.com

** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.

©2014 Ted Roche