Bugtraq mailing list archives
Re: Full Disclosure works, here's proof:
From: cklaus () shadow net (Christopher Klaus)
Date: Sun, 4 Dec 94 12:49:54 EST
I think I would take the time to install a patch that has been fully disclosed and know that most no-brain wannabe hackers are going to be trying it on my system, versus a patch that fixes a problem that only SCO and CERT know about and I will probably never have a problem with.
Bela at SCO wrote:
This is ridiculous. You'd decline to install a security patch because you think not enough hackers know about the hole?
On the same token, it is ridiculous that vendors aren't providing security patches because they don't think enough hackers know about a hole. It wasn't until 8LGM gave you incentive to provide patches that anything was really done. I would install all the patches, but I am sure some admins feel this way and it is easier to justify to management if you can demonstrate to them the problem. Most admins don't install security patches as it is now, probably due to being of several reasons: inexperienced, more worried about keeping the systems up than installing security, time constraints, etc. But with security problems being fully disclosed, the problem becomes more in the open and will get fixed quicker. -- Christopher William Klaus <cklaus () shadow net> <iss () shadow net> Internet Security Systems, Inc. Computer Security Consulting 2209 Summit Place Drive, Penetration Analysis of Networks Atlanta,GA 30350-2430. (404)518-0099. Fax: (404)518-0030
Current thread:
- full disclosure list clarification, (continued)
- full disclosure list clarification Pete Hartman (Dec 02)
- pt_chmod carson () lehman com (Dec 02)
- Re: pt_chmod Karl Strickland (Dec 02)
- mktemp.. *Hobbit* (Dec 02)
- bugtraq list problems (resolved?) Admin/Support (Dec 02)
- full-disclosure list Pete Hartman (Dec 02)
- Re: Full Disclosure works, here's proof: Christopher Klaus (Dec 03)
- Re: Full Disclosure works, here's proof: Bela Lubkin (Dec 03)
- Re: Full Disclosure works, here's proof: Karl Strickland (Dec 04)
- Re: Full Disclosure works, here's proof: Paul 'Shag' Walmsley (Dec 04)
- Re: Full Disclosure works, here's proof: Christopher Klaus (Dec 04)
- Re: Full Disclosure works, here's proof: Karl Strickland (Dec 04)
- Re: Full Disclosure works, here's proof: Bela Lubkin (Dec 04)
- Re: Full Disclosure works, here's proof: Karl Strickland (Dec 04)
- Re: Full Disclosure works, here's proof: smb () research att com (Dec 05)
- Re: Full Disclosure works, here's proof: Randy Bias (Dec 05)