Full Disclosure mailing list archives

Re: It's not that simple... [Was: Re: Disney Down?]

From: Peter Besenbruch <prb () lava net>
Date: Wed, 17 Aug 2005 09:03:59 -1000

Fergie (Paul Ferguson) wrote:

I'll tell you why -- [snip]

So there you have it -- there's still a LOT of Windows 2000 outthere...
Having said that, you also have to realize that from the time theMS05-039 vulnerability was disclose (and the exploit code wasreleased the same day), to the time that very large enterprises hadto deploy it was very, very short compared to threats of the past.


When reading Seltzer's article, it's easy enough to see the gaping hole
in his logic. He basically argued that XP and 2003 were not going to be
affected (he appears to be changing his mind on this), and that
corporations that used 2000 all used firewalls. Unfortunately, he failed
to see the effect an infected laptop would have, of bringing an infected
machine inside the perimeter.

-- Micheal Espinola Jr <michealespinola () gmail com> wrote:

You [Seltzer] also say, "If it had been International Paper or some
company like that rather than media outlets I suspect it wouldn't be
getting all this attention". While this is likely true, this
exemplifies the need to take security matters more seriously.


I question this a little. First, I haven't heard anything about

International Paper, but have heard about SBC, UPS and quite a fewothers. I also suspect many more companies were severely impacted, butwon't step forward to admit it. The news agencies, to their credit, DIDadmit it and reported it.

...I'm not trying to badger you, but in light of the Disney, CNN, ABC,and The New York Times mishaps (amongst others), I must admit thatI'm glad I don't follow your column or style of advise.


No kidding. Nor do I like Seltzer's lack of candor after being caught so
far off base. It's a very human reaction, but one which damages his
credibility and sullies the reputation of eWeek.

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Re: It's not that simple..., (continued)
- - - Re: Re: It's not that simple... Jason Coombs (Aug 17)
    - Re: Re: It's not that simple... yossarian (Aug 17)
    - NULL sessions on Windows 2000 systems [Was: Re: Re: It's not that simple...] Jean-Baptiste Marchand (Aug 18)
    - Re: NULL sessions on Windows 2000 systems [Was: Re: [Full-disclosure] Re:It's not that simple...] yossarian (Aug 18)
    - Message not available
    - Re: Re: It's not that simple... Jason Coombs (Aug 17)
    - Re: Re: It's not that simple... Florian Weimer (Aug 17)
    - RE: Re: It's not that simple... Paul Melson (Aug 18)
    - Re: Re: It's not that simple... Valdis . Kletnieks (Aug 18)
    - Re: Re: It's not that simple... Micheal Espinola Jr (Aug 18)
    - Re: Re: It's not that simple... Micheal Espinola Jr (Aug 18)
- Re: It's not that simple... [Was: Re: Disney Down?] Peter Besenbruch (Aug 17)