Full Disclosure mailing list archives
Re: It's not that simple... [Was: Re: Disney Down?]
From: Peter Besenbruch <prb () lava net>
Date: Wed, 17 Aug 2005 09:03:59 -1000
Fergie (Paul Ferguson) wrote:
I'll tell you why -- [snip]
So there you have it -- there's still a LOT of Windows 2000 out there...Having said that, you also have to realize that from the time the MS05-039 vulnerability was disclose (and the exploit code was released the same day), to the time that very large enterprises had to deploy it was very, very short compared to threats of the past.
When reading Seltzer's article, it's easy enough to see the gaping hole in his logic. He basically argued that XP and 2003 were not going to be affected (he appears to be changing his mind on this), and that corporations that used 2000 all used firewalls. Unfortunately, he failed to see the effect an infected laptop would have, of bringing an infected machine inside the perimeter.
-- Micheal Espinola Jr <michealespinola () gmail com> wrote:
You [Seltzer] also say, "If it had been International Paper or some company like that rather than media outlets I suspect it wouldn't be getting all this attention". While this is likely true, this exemplifies the need to take security matters more seriously.
I question this a little. First, I haven't heard anything aboutInternational Paper, but have heard about SBC, UPS and quite a few others. I also suspect many more companies were severely impacted, but won't step forward to admit it. The news agencies, to their credit, DID admit it and reported it.
...I'm not trying to badger you, but in light of the Disney, CNN, ABC, and The New York Times mishaps (amongst others), I must admit that I'm glad I don't follow your column or style of advise.
No kidding. Nor do I like Seltzer's lack of candor after being caught so far off base. It's a very human reaction, but one which damages his credibility and sullies the reputation of eWeek. -- Hawaiian Astronomical Society: http://www.hawastsoc.org HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Re: It's not that simple..., (continued)
- Re: Re: It's not that simple... Jason Coombs (Aug 17)
- Re: Re: It's not that simple... yossarian (Aug 17)
- NULL sessions on Windows 2000 systems [Was: Re: Re: It's not that simple...] Jean-Baptiste Marchand (Aug 18)
- Re: NULL sessions on Windows 2000 systems [Was: Re: [Full-disclosure] Re:It's not that simple...] yossarian (Aug 18)
- Message not available
- Re: Re: It's not that simple... Jason Coombs (Aug 17)
- Re: Re: It's not that simple... Florian Weimer (Aug 17)
- RE: Re: It's not that simple... Paul Melson (Aug 18)
- Re: Re: It's not that simple... Valdis . Kletnieks (Aug 18)
- Re: Re: It's not that simple... Micheal Espinola Jr (Aug 18)
- Re: Re: It's not that simple... Micheal Espinola Jr (Aug 18)