funsec mailing list archives
Re: Microsoft to rush out emergency Windows patch today
From: "Erik Harrison" <eharrison () gmail com>
Date: Wed, 29 Oct 2008 23:08:56 -0400
forgive my frustration from that day. when you have an unfortunately massive attack surface, most of which you don't control or need to jump through 3 weeks worth of notification-related hurdles to impose upon.. then the devils advocate angle was less intellectually stimulating :D On Wed, Oct 29, 2008 at 10:56 PM, <Valdis.Kletnieks () vt edu> wrote:
On Thu, 23 Oct 2008 21:50:23 EDT, Erik Harrison said:seriously, why is this even a conversation? patch. its important. you know why. the devils advocate angle really isn't something anyone dealing with deploying this patch to reams of systems wants to hear right now.The devil's advocate angle is something that some of us really *do* want to deal with. If I'm about to push an "emergency" patch out to 30,000 desktops, I *really* want to know *exactly* how big my actual attack surface really is, so I can make an informed decision whether I should be pushing it out to all 30K the instant I get it, or push it out immediately to the 10K hosts that don't have mitigating factors X, Y, or Z in place, or let my internal regression testing have another 24/48/weekend. If Larry's machine is in fact suitably firewalled, he has the services turned off, and he trusts any other machines on the "inside" of the firewalled net, what *is* his attack surface? For starters, where's the attack going to come *from*? (And I *wish* I was deciding whether to push it out to 30K desktops. Instead, I have 30,000 academia users, most of them laptops coming and going several times a day. It's like herding frikking cats. ;)
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Microsoft to rush out emergency Windows patch today, (continued)
- Re: Microsoft to rush out emergency Windows patch today Paul Ferguson (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Larry Seltzer (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Paul Ferguson (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Larry Seltzer (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Paul Ferguson (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Paul Ferguson (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Larry Seltzer (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Jack McCarthy (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Erik Harrison (Oct 29)
- Re: Microsoft to rush out emergency Windows patch today Valdis . Kletnieks (Oct 29)
- Re: Microsoft to rush out emergency Windows patch today Erik Harrison (Oct 29)
- Re: Microsoft to rush out emergency Windows patch today Dragos Ruiu (Oct 29)
- Re: Microsoft to rush out emergency Windows patch today Dragos Ruiu (Oct 29)
- Re: Microsoft to rush out emergency Windows patch today Gadi Evron (Oct 30)