Security Incidents mailing list archives
RE: Releasing patches is bad for security
From: "Curt Purdy" <purdy () tecman com>
Date: Thu, 26 Feb 2004 14:05:05 -0600
Chris Brenton wrote:
This is just such a hoot I had to share: http://news.bbc.co.uk/1/hi/technology/3485972.stm The story quotes David Aucsmith, who is in charge of technology at Microsoft's security business and technology unit as stating: "We have never had vulnerabilities exploited before the patch was known,"
Then how did I get a copy of dcom.exe 2 days before they released the DCom RPC patch. And it was surely in the deep underground longer than that. A very effective exploit too, giving you a command line in 5 seconds on an unpatched box. I would call it less of a hoot and more like a baldface lie. Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA Information Security Engineer DP Solutions ---------------------------------------- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- White House cybersecurity adviser Richard Clarke --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Releasing patches is bad for security Chris Brenton (Feb 26)
- RE: Releasing patches is bad for security Dave Paris (Feb 26)
- Re: Releasing patches is bad for security Clint Bodungen (Feb 26)
- RE: Releasing patches is bad for security Curt Purdy (Feb 26)
- Re: Releasing patches is bad for security Pall Thayer (Feb 26)
- Re: Releasing patches is bad for security mgotts (Feb 26)
- RE: Releasing patches is bad for security Ross M. W. Bennetts (Feb 26)
- RE: Releasing patches is bad for security Brian Taylor (Feb 29)
- RE: Releasing patches is bad for security Ross M. W. Bennetts (Feb 26)
- Re: Releasing patches is bad for security james (Feb 26)
- RE: Releasing patches is bad for security ELLIS, STEVEN (Feb 27)
- Re: Releasing patches is bad for security james (Feb 27)
- Re: Releasing patches is bad for security Meritt James (Feb 27)
- RE: Releasing patches is bad for security ELLIS, STEVEN (Feb 27)
- <Possible follow-ups>
- RE: Releasing patches is bad for security Gary Nichols (Feb 26)
- Re: Releasing patches is bad for security Joe Miller (Feb 29)