Full Disclosure mailing list archives
RE: Calcuating Loss
From: "Kurt" <kurtbuff () spro net>
Date: Tue, 11 May 2004 13:52:52 -0700
I have taken that route myself - I did it first on my NT4 print server, then (ye gods!) on my spare NT4 BDC, then on my small SQL server, then on my ERP and CRM systems, then on my other DCs, my Exchange box and my other production servers. Sweating bullets the whole time, and making sure that my most recent backups had good EOJ notifications. Sigh... -----Original Message----- From: Harlan Carvey [mailto:keydet89 () yahoo com] Sent: Tuesday, May 11, 2004 13:26 To: 'Full-Disclosure' Cc: kurtbuff () spro net Subject: RE: [Full-disclosure] Calcuating Loss Kurt, I understand. I just left the private sector. The best I could get the IT folks to do was to roll the patches out on less critical systems first. However, even that didn't keep things from happening w/ regards to SQL Server...one issue was traced back (by Microsoft, no less) to a hotfix. --- Kurt <kurtbuff () spro net> wrote:
Yup. I do it all the time. Management is simply not interested in providing a test network. I can't even seem to scrounge a couple of desktop-class machines most of the time. It's pathetic, but it's the way that many companies operate. -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com]On Behalf Of Harlan Carvey Sent: Tuesday, May 11, 2004 08:38 To: Full-Disclosure Cc: Clint Bodungen Subject: Re: [Full-disclosure] Calcuating Loss Clint... Two words..."testing process". What happened to that? Don't tell me you're installing patches directly to production systems... --- Clint Bodungen <clint () secureconsulting com> wrote:How about when Micro$oft releases a bundled patch (cough cough MS04-011) to fix several bugs and security holes (supposedly to help "minimize loss" from these bugs and worms) only to find out that the patch itself has broken just as many services as it fixed, taking down one's server for a few hours, causing yet... more loss! ;-) ----- Original Message -----Loss? One of my biggest complaints is the way theindustry "loses billions"whenever a virus or worm breaks out. I mean, securing and maintain your server is notaloss. Installing andupdating your anti virus or IDS package is not aloss. All of thesethings should have been done anyway. If a server goes off line, I guess you couldmeasure the revenue it mayhave produced as a loss, but technically, thatislack of income, nottrue loss. If you see someone complaining about all themoneythey lost doing whatthey should have been doing all along, I justseespin. And politics.M_______________________________________________ Full-Disclosure - We believe in it. Charter:http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter:
http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Calcuating Loss, (continued)
- Re: Calcuating Loss Harlan Carvey (May 11)
- Re: Calcuating Loss Clint Bodungen (May 11)
- Re: Calcuating Loss Harlan Carvey (May 11)
- Re: Calcuating Loss Clint Bodungen (May 11)
- Re: Calcuating Loss Valdis . Kletnieks (May 11)
- Re: Calcuating Loss Jay Beale (May 11)
- Re: Calcuating Loss Frank Knobbe (May 11)
- Re: Calcuating Loss Seth Alan Woolley (May 11)
- RE: Calcuating Loss Kurt (May 11)
- RE: Calcuating Loss Harlan Carvey (May 11)
- RE: Calcuating Loss Kurt (May 11)
- Re: Calcuating Loss Anders B Jansson (May 11)
- Re: Calcuating Loss madsaxon (May 11)
- Re: Calcuating Loss Gregory A. Gilliss (May 11)
- Re: Calcuating Loss Harlan Carvey (May 11)