Full Disclosure mailing list archives
Re: When do exploits get used?
From: Luke Scharf <lscharf () aoe vt edu>
Date: Mon, 22 Mar 2004 17:42:44 -0500
On Mon, 2004-03-22 at 17:13, Jay Beale wrote:
Patching isn't really 90%. It seems like that because organizations still aren't keeping up with patches and thus don't know what would have happened if they had. It seems like that because we're not getting caught in the first two parts of our windows of vulnerability that often just yet. If a worm comes out in time window 1 or 2, your 1-hour patch turnaround won't save you.
My point is that if one forgets the fundamentals, all of the firewalling, GPO setups, nifty scripts, and other work is useless. What good is your firewall if you forgot to patch it and it's being controlled from outside? :-) -Luke -- Luke Scharf, Systems Administrator Virginia Tech Aerospace and Ocean Engineering _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Operating Systems Security, "Microsoft Security, baby steps", (continued)
- Re: Operating Systems Security, "Microsoft Security, baby steps" Nico Golde (Mar 19)
- Re: Operating Systems Security, "Microsoft Security, baby steps" Ben Laurie (Mar 22)
- When do exploits get used? Paul Schmehl (Mar 22)
- Re: When do exploits get used? Luke Scharf (Mar 22)
- Re: When do exploits get used? Jay Beale (Mar 22)
- Re: When do exploits get used? Luke Scharf (Mar 22)
- RE: When do exploits get used? Bill Royds (Mar 22)
- Message not available
- RE: When do exploits get used? Michael Cecil (Mar 22)
- Re: When do exploits get used? Luke Norman (Mar 24)
- Re: When do exploits get used? Jay Beale (Mar 23)
- Re: When do exploits get used? Luke Scharf (Mar 22)
- Re: When do exploits get used? Dave Aitel (Mar 22)