Full Disclosure mailing list archives

Re: AW: no more public exploits


From: "Bernard J. Duffy" <bduffy () gmail com>
Date: Wed, 28 Apr 2004 15:37:55 -0400

Are you saying that the military has standardized best practices that
mandate the immediate installation of vendor OS patches? If they do, I
highly doubt that such policies are widely adhered to.

The fact is, quickly released security patches can and often do break
applications, particularly when the system configuration is less
common. Ask any Windows NT administrator about that.

I would venture to guess that you would not be a happy camper if the
IT organization supporting the systems that process your payroll or
banking applied code fixes without a robust testing procedure.

Bernard Duffy
bduffy () nycap rr com

On Wed, 28 Apr 2004 13:13:04 +0800, tcleary2 () csc com au
<tcleary2 () csc com au> wrote:

Cael Abal said:

Realistically, the lack of a widespread published exploit means an
attack on any given machine is less likely.  An admin who chooses
to ignore these probabilities isn't looking at their job with the right
perspective.

You missed the "IMHO".

In the Military your generalisation is probably not a self-evident truth.

To quote another poster's sig. "Knowing what you don't know is more important
than knowing what you know." and I would add that that's because what you
do know you can try to deal with.

Enough of the philosophy class.

Regards,

tom.
----------------------------------------------------------------------------------------
Tom Cleary - Security Architect

"In IT, acceptable solutions depend upon humans - Computers don't
negotiate."
----------------------------------------------------------------------------------------
This is a PRIVATE message. If you are not the intended recipient, please
delete without copying and kindly advise us by e-mail of the mistake in
delivery. NOTE: Regardless of content, this e-mail shall not operate to
bind CSC to any order or other contract unless pursuant to explicit
written agreement or government initiative expressly permitting the use of
e-mail for such purpose.
----------------------------------------------------------------------------------------



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

