Full Disclosure mailing list archives
RE: No Subject (re: openssh exploit code?)
From: "Robert Ahnemann" <rahnemann () affinity-mortgage com>
Date: Tue, 21 Oct 2003 16:07:10 -0500
-----Original Message----- From: Montana Tenor [mailto:montanatenor () yahoo com] Sent: Tuesday, October 21, 2003 3:05 PM To: Schmehl, Paul L Cc: mitch_hurrison () ziplip com; full-disclosure () lists netsys com Subject: RE: [Full-disclosure] No Subject (re: openssh exploit code?) I agree with Mitch. Lets say you get an advisory that a severe thunderstorm may be coming your way. Do you wait until the wind and rain are blowing inside your house to close the windows and doors. Do you allow the kids to keep playing outside? You do the prudent thing. Instead of trying to brute-force Mitch into this, think about why doing the right thing to protect the long term interests of your business is the RIGHT thing to do.
I flip to the local radar and get some sort of proof that there might be a thunderstorm coming. Talk is cheap (as was said), so its up to the admin to verify if A) there is a real threat B) the threat applies to your systems C) the threat damage is worth the damage of 'unscheduled downtime' (for the analogy challenged: radar = some sort of proof of concept or something of the likes) Of course, I'm just a silly win2k Admin on a 50 pc network which don't run more than a couple uptime sensitive apps, but I think I have the basics down as far as some of this stuff goes. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: No Subject (re: openssh exploit code?), (continued)
- Re: No Subject (re: openssh exploit code?) mitch_hurrison (Oct 21)
- Re: No Subject (re: openssh exploit code?) Blue Boar (Oct 21)
- RE: No Subject (re: openssh exploit code?) Bassett, Mark (Oct 21)
- Re: No Subject (re: openssh exploit code?) Richard Massa (Oct 21)
- RE: No Subject (re: openssh exploit code?) Ron DuFresne (Oct 22)
- No Subject (re: openssh exploit code?) mitch_hurrison (Oct 21)
- Re: No Subject (re: openssh exploit code?) Dan Wilder (Oct 21)
- Re: No Subject (re: openssh exploit code?) Helmut Springer (Oct 23)
- RE: No Subject (re: openssh exploit code?) Robert Ahnemann (Oct 21)
- RE: No Subject (re: openssh exploit code?) Robert Ahnemann (Oct 21)
- RE: No Subject (re: openssh exploit code?) Robert Ahnemann (Oct 21)
- RE: No Subject (re: openssh exploit code?) Montana Tenor (Oct 21)
- RE: No Subject (re: openssh exploit code?) V.O. (Oct 21)
- Re: No Subject (re: openssh exploit code?) Kenneth R. van Wyk (Oct 21)
- RE: No Subject (re: openssh exploit code?) Montana Tenor (Oct 21)
- RE: No Subject (re: openssh exploit code?) Schmehl, Paul L (Oct 21)
- RE: No Subject (re: openssh exploit code?) Generated by a PseudoRandom Number Generator (Oct 21)
- Re: No Subject (re: openssh exploit code?) mitch_hurrison (Oct 21)