Full Disclosure mailing list archives
RE: Gates: 'You don't need perfect code' for good security
From: james <hackerwacker () cybermesa com>
Date: 31 Oct 2003 18:43:35 -0700
On Fri, 2003-10-31 at 16:50, Beaty, Bryan wrote:
Correct me if I am wrong but...
I'll be glad to.
I believe every worm listed below could have been prevented had everyone patched their systems.
I would like the security community to take more responsibility for their own (in)actions. If you were hit by Blaster then you failed to enforce a good patch management policy. Who's fault is that? Patch management is boring and so we often ignore it. Hackers and worms simply take advantage of our laziness. I guess blaster could be a form of social engineering. "I know admins don't patch so I can write a worm and kill the world."
Since you directed this to the "security community" it seems you are speaking to IT folk and not end users. I **cannot** apply MS patches till they go through quite a bit of testing. I have been bitten with production boxes that are rendered unusable after a round of MS patches. We are a BSD/Linux shop with just a few MS boxes but it still takes a lot of time to make sure the patch(es) will work with various configurations and applications. I **shudder** to think what orgs that are all MS have to do to deploy patches. Who's fault is that? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Gates: 'You don't need perfect code' for good security |reduced|minus|none| (Oct 31)
- <Possible follow-ups>
- RE: Gates: 'You don't need perfect code' for good security Beaty, Bryan (Oct 31)
- RE: Gates: 'You don't need perfect code' for good security james (Oct 31)
- RE: [spam] RE: Gates: 'You don't need perfect code' for good security Exibar (Nov 01)
- udp port 2615 Trond Kringstad (Nov 01)
- RE: Gates: 'You don't need perfect code' for good security Cedric Blancher (Nov 01)
- Re: Gates: 'You don't need perfect code' for good security William Warren (Nov 02)
- Re: Gates: 'You don't need perfect code' for good security Matthew Murphy (Nov 02)
- Re: Gates: 'You don't need perfect code' for good security Geoincidents (Nov 02)
- Re: Gates: 'You don't need perfect code' for good security Matthew Murphy (Nov 02)
- Re: Gates: 'You don't need perfect code' for good security Geoincidents (Nov 02)
- Re: Gates: 'You don't need perfect code' for good security George Capehart (Nov 03)
- Re: Gates: 'You don't need perfect code' for good security Geoincidents (Nov 03)