Full Disclosure mailing list archives
Operating Systems Security, "Microsoft Security, baby steps"
From: Todd Burroughs <todd () hostopia com>
Date: Thu, 18 Mar 2004 03:17:21 -0500 (EST)
Here's a good example. Yesterday, a problem was resolved with OpenSSL. This package is used in a *lot* of software (yes, including *BSD ;-). SuSE had patches out the fastest, within hours of the official release. Over the course of the day, I saw most/all of the major open source OS vendors (Linux and BSD) announce patches to this problem. I know that other major software companies use OpenSSL in their products; the "free/open source" software community responds very quickly, much faster than any commercial vendor (I noticed that Cisco released a patch). This is proof, same day fix vs. fix in a few months. Updating any OS is a pain in the ass, but all of them have flaws and need to be updated. I find that at least with the UNIX-like ones, you can go on the Net and do your updates faster than you get rooted. MS really needs to fix this, they need to make it so that mom and pop can install and do updates without getting taken over. Kudos to SuSE, keep up the good work! We're getting nervous with the Novell thing, but keep security first. One thing, we need a basic install, no X, just a base install that is secure. One thing to note, I've updated a lot of SuSE based servers and had no problem, but would rather wait a bit than have problems if the vendor didn't have the resources to test things first and the problem is supposed to be limited to a DOS (as oppposed to remote root). Todd Burroughs _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Operating Systems Security, "Microsoft Security, baby steps" Todd Burroughs (Mar 18)
- Re: Operating Systems Security, "Microsoft Security, baby steps" Florian Weimer (Mar 18)
- Re: Operating Systems Security, "Microsoft Security, baby steps" Mark J Cox (Mar 18)
- Re: Operating Systems Security, 'Microsoft Security, baby steps' Daniele Muscetta (Mar 18)
- RE: [inbox] Operating Systems Security, "Microsoft Security, baby steps" Curt Purdy (Mar 18)
- <Possible follow-ups>
- RE: Operating Systems Security, "Microsoft Security, baby steps" Schmehl, Paul L (Mar 18)
- RE: Operating Systems Security, "Microsoft Security, baby steps" Todd Burroughs (Mar 18)
- RE: Operating Systems Security, "Microsoft Security, baby steps" Luke Scharf (Mar 19)
- Re: Operating Systems Security, "Microsoft Security, baby steps" Nico Golde (Mar 19)
- Re: Operating Systems Security, "Microsoft Security, baby steps" Ben Laurie (Mar 22)
- When do exploits get used? Paul Schmehl (Mar 22)
- RE: Operating Systems Security, "Microsoft Security, baby steps" Todd Burroughs (Mar 18)
(Thread continues...)
- Re: Operating Systems Security, "Microsoft Security, baby steps" Florian Weimer (Mar 18)