Full Disclosure mailing list archives
RE: Operating Systems Security, "Microsoft Security, baby steps"
From: Todd Burroughs <todd () hostopia com>
Date: Fri, 19 Mar 2004 01:49:42 -0500 (EST)
On Thu, 18 Mar 2004, Schmehl, Paul L wrote:
Updating any OS is a pain in the ass, but all of them have flaws and need to be updated. I find that at least with the UNIX-like ones, you can go on the Net and do your updates faster than you get rooted.This is foolish thinking. Do you really think that, when a patch comes out, *then* the hackers start working on exploits? The exploits were being used *long* before the patch comes out. The only thing a patch gets you is protection against *future* hack attempts against *that* weakness.
Wasn't that something that MS tried to say, the "hackers" are reverse engineering our patches? That was funny, but the sad thing is that a lot of people will believe it. What I meant is that you can most likely actually use the Internet to get patches with a fresh install before you get taken over, not that somehow UNIX-like systems make patches before the exploits are out there and being used ;-) It's quite apparent by other threads on the list that this is not generally the case with Windows. Just being patched doesn't mean that you are safe, but it's better than running well known security holes. Obviously, if you go on the Net with all services running, especially on an unpatched box, you're gonna get rooted pretty quickly. Todd Burroughs _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Operating Systems Security, "Microsoft Security, baby steps" Todd Burroughs (Mar 18)
- Re: Operating Systems Security, "Microsoft Security, baby steps" Florian Weimer (Mar 18)
- Re: Operating Systems Security, "Microsoft Security, baby steps" Mark J Cox (Mar 18)
- Re: Operating Systems Security, 'Microsoft Security, baby steps' Daniele Muscetta (Mar 18)
- RE: [inbox] Operating Systems Security, "Microsoft Security, baby steps" Curt Purdy (Mar 18)
- <Possible follow-ups>
- RE: Operating Systems Security, "Microsoft Security, baby steps" Schmehl, Paul L (Mar 18)
- RE: Operating Systems Security, "Microsoft Security, baby steps" Todd Burroughs (Mar 18)
- RE: Operating Systems Security, "Microsoft Security, baby steps" Luke Scharf (Mar 19)
- Re: Operating Systems Security, "Microsoft Security, baby steps" Nico Golde (Mar 19)
- Re: Operating Systems Security, "Microsoft Security, baby steps" Ben Laurie (Mar 22)
- When do exploits get used? Paul Schmehl (Mar 22)
- Re: When do exploits get used? Luke Scharf (Mar 22)
- Re: When do exploits get used? Jay Beale (Mar 22)
- Re: When do exploits get used? Luke Scharf (Mar 22)
- RE: When do exploits get used? Bill Royds (Mar 22)
- Message not available
- RE: When do exploits get used? Michael Cecil (Mar 22)
- Re: When do exploits get used? Luke Norman (Mar 24)
- RE: Operating Systems Security, "Microsoft Security, baby steps" Todd Burroughs (Mar 18)
- Re: Operating Systems Security, "Microsoft Security, baby steps" Florian Weimer (Mar 18)