I have to say, what is the point? Is this a hoax or not, because it seems strange that it didn't go to Bugtraq or VulnWatch? If it isn't then how is everyone that works with in IT supposed to know if this is true and what conditions cause it to occur? You are only pampering to the wants of the big boys (or gals) and you will make life for IT staff employed by their own company to secure their systems / networks impossible, which may lead to: -> non-requirement for internal IT Security ppl -> requirement for external security company -> decrease in efficiency and understanding of the business risks associated with security -> possibly a lower level of security within organisations -> bigger bank accounts for the big IT Security players only -> which *could* lead to monopoly conditons So we all sit here for 60 days vulnerable to "something" not knowing what it is, what functionality the registry key mentioned offers users and hence what functionality will be broken by the modification - really useful for people who need to roll out security changes quickly. Me two-penneth worth. Cheers, Paul Rogers, Information Security Consultant.
This archive was generated by hypermail 2b30 : Thu Nov 22 2001 - 08:23:23 PST