Full Disclosure mailing list archives
Re: Remedy for Getting Off is Patch
From: Dan Tulovsky <dant () wetsnow com>
Date: Sat, 15 Jan 2011 14:14:09 -0500
This may be a troll, but it reminds me of something a fellow sysadmin said in a meeting once: "Firewalls? Who needs firewalls? If you properly maintain your end system, you don't need a firewall."

2011/1/14 Григорий Братислава <musntlive () gmail com>:
Hello full disclosure!!! I'd like to warn you about Patches. As is everyone knows, patches is are pieces of is software that software manufacturers is make to fix their is horrendous programs. Is you not patch, you is get owned. Gone is under sixty seconds.

As is say on Wikipedia -- "A security patch is a change applied to an asset to correct the weakness described by a vulnerability. This corrective action will prevent successful exploitation and remove or mitigate a threat’s capability to exploit a specific vulnerability in an asset. Security patches are the primary method of fixing security vulnerabilities in software. Currently Microsoft releases its security patches once a month, and other operating systems and software projects have security teams dedicated to releasing the most reliable software patches as soon after a vulnerability announcement as possible. Security patches are closely tied to responsible disclosure."

As in say by musntlive -- "A security patch is is a change applied is to an asset is to correct ignorance and stupidities of developers of is application because is their application is ownerizable. This is corrective action and is nothing more than is bandaid to prevent temporary exploitation and is remove vulnerability for short amount of is time. Security patches is only method of vendors like is Microsoft is to cover their осёл. 'Is we is Microsoft and is sure we make sloppy software.' All software is beta присоска! And is you is stupid for buying is software. Security patches is closely tied with sloppy coding and is rushing to market."

Is argue by Thor (who is musntlive respect) as is is argument by Valdis (who is musntlive respect is усы) is Pete Herzog (who is musntlive respect) say: 'defense in depth' -- "the more reason to implement an array of controls (defense in width) for the interactive points rather than rely on patches to fix ONLY the problems you know about."
Now is musntlive lay smack down on is everyone even is I respect all of you. Is Pete you must understand is I pay $40,000.00 or give 10,000 little сурок trade for software - I is expect software to is work how I want is work. I is build my business on is this application so when is code is changed now I is has to maybe accept it yes or is not accept it. Is I accept is change is software maybe break my system and is cost me money or possibly worse сурок!! Is who присоска now!!??!!?? Is patch no answer!!

Because is New Year musntlive offers everyone fair solution to is fix: OpenBSD. Now is when you have security issues since is your machine backdoored is you can ask Theo or the FBI to fix is your machine.

Thank is you all for support in 2011

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Remedy for Getting Off is Patch Григорий Братислава (Jan 14)
- Re: Remedy for Getting Off is Patch Dan Tulovsky (Jan 16)