Full Disclosure mailing list archives
RE: AW: no more public exploits
From: "Blake Wiedman" <bwiedman () iconsinc com>
Date: Wed, 28 Apr 2004 18:16:23 -0400
Just a bit of info. Military patching usually adheres to the following standard (I was in the Air Force so when I state military I mean AF) 1. Microsoft releases a patch. 2. DISA reviews it 3. Either the same day or longer DiSA informs local MAJCOM NOC's 4. Local MAJCOM NOCS receive the patch notification and a deadline for applying the patch. 5. The patch can either be received from DISA if provided or if not provided downloaded directly from Microsoft. 6. S.A's and MAJCOM NOCS must give status report as to which machines were updated and which were not. 7. Status and patch implementation is entered into monthly metrics. This is a very basic over view. -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Ng, Kenneth (US) Sent: Wednesday, April 28, 2004 5:37 PM To: 'Bernard J. Duffy'; full-disclosure () lists netsys com Subject: RE: AW: [Full-disclosure] no more public exploits The military does have a lot of rules, some are followed more than others. A friend got about 20 copies of the Melissa email worm on a computer that was on a network that was supposed to be completely isolated from the outside. How much you wanna bet someone decided to save a few dollars by dual honing a few pc's? Heck, I've seen someone dual hone a NT4 box with every service known to man turned on, zero patches, TO THE INTERNET. Thank god he didn't have the right default route. -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com]On Behalf Of Bernard J. Duffy Sent: Wednesday, April 28, 2004 3:38 PM To: full-disclosure () lists netsys com Subject: Re: AW: [Full-disclosure] no more public exploits Are you saying that the military has standardized best practices that mandate the immediate installation of vendor OS patches? If they do, I highly doubt that such policies are widely adhered to. The fact is, quickly released security patches can and often do break applications, particularly when the system configuration is less common. Ask any Windows NT administrator about that. I would venture to guess that you would not be a happy camper if the IT organization supporting the systems that process your payroll or banking applied code fixes without a robust testing procedure. Bernard Duffy bduffy () nycap rr com On Wed, 28 Apr 2004 13:13:04 +0800, tcleary2 () csc com au <tcleary2 () csc com au> wrote:
Cael Abal said:Realistically,the lack of a widespread published exploit means an attack on any given machine is less likely. An admin who chooses to ignore these probabilities isn't looking at their job with the
right
perspective. You missed the "IMHO". In the Military your generalisation is probably not a self evident
truth.
To quote another posters sig. "Knowing what you don't know is more important than knowing what you know." and I would add that that's because what
you
do know you can try to deal with. Enough of the philosophy class. Regards, tom.
------------------------------------------------------------------------ ---- ------------
Tom Cleary - Security Architect "In IT, acceptable solutions depend upon humans - Computers don't negotiate."
------------------------------------------------------------------------ ---- ------------
This is a PRIVATE message. If you are not the intended recipient,
please
delete without copying and kindly advise us by e-mail of the mistake
in
delivery. NOTE: Regardless of content, this e-mail shall not operate
to
bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the
use of
e-mail for such purpose.
------------------------------------------------------------------------ ---- ------------
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ************************************************************************ ***** The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing KPMG client engagement letter. ************************************************************************ ***** _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- AW: no more public exploits Baum, Stefan (Apr 27)
- Re: no more public exploits Exibar (Apr 27)
- Re: AW: no more public exploits Byron Copeland (Apr 27)
- Re: AW: no more public exploits Valdis . Kletnieks (Apr 27)
- Re: AW: no more public exploits Cael Abal (Apr 27)
- <Possible follow-ups>
- Re: AW: no more public exploits tcleary2 (Apr 28)
- Re: AW: no more public exploits Bernard J. Duffy (Apr 28)
- RE: AW: no more public exploits Soderland, Craig (Apr 28)
- RE: AW: no more public exploits Ng, Kenneth (US) (Apr 28)
- RE: AW: no more public exploits Blake Wiedman (Apr 28)