Dailydave mailing list archives
Re: "The organization I belong to doesn't have initals"(that evil dude in Heroes)
From: "Paul Melson" <pmelson () gmail com>
Date: Mon, 13 Nov 2006 13:45:52 -0500
> The solution, of course, is to focus only on the high end risk, rather than
> assuming you have to climb up the risk chain from the bottom. IMHO, of
> course. I don't work for the USG and haven't for a long time. But if you're
> focusing on patch and configuration compliance and your most likely
> opponents don't care then you gotta assume something's broken. Invest the
> majority of your cash in vulnerability research and hacking and leave the
> compliance management for later. Sometimes the best defense is a good
> offense, and with hacking that's nearly always true.

Dave, I think you're mistaking "high end" risk for high risk. It's a silly suggestion that companies shouldn't acquire patch management capabilities, but instead focus on finding vulnerabilities in the products they rely on so they can... what? Know just how screwed they are? Historically speaking, the "killer" bugs of the late 90s and early 2K's were patched by vendors before the worms hit. This may never happen again since Microsoft has made patch management easier for their customers, but the only reason it wouldn't happen again is because Microsoft made patch management easier for their customers. I hope you're not actually telling clients (especially ones that spend US tax dollars) that they should walk away from WSUS to spend time fuzzing every COTS app they've got looking for 0days.

PaulM
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave