Full Disclosure mailing list archives

Re: It's not that simple... [Was: Re: Disney Down?]

From: Micheal Espinola Jr <michealespinola () gmail com>
Date: Wed, 17 Aug 2005 15:29:58 -0400

From my perspective, developing a patch and applying a patch are two

different life cycles.  I'm no developer, but I know what it takes to
properly test and roll-out patches within my (current and previous)
organization(s).

I don't pretend to believe that all patches are the same, but this PnP
patch is one of the less difficult to deal with in terms of a
roll-out.  I truly believe this recent worm could have been avoided if
MS05-039 was taken more seriously.

I cannot say as to why MS hasn't addressed any other outstanding
issues.  While it's a valid concern of mine as well, it really doesn't
relate to the discussion regarding the MS05-039 fiasco.


On 8/17/05, Geo. <geoincidents () nls net> wrote:

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk]On Behalf Of Micheal
Espinola Jr

Regardless of "a LOT of Windows 2000 out there...", these companies

weren't bitten the same day the initial exploit was released.  6 days
is plenty of time to have tested compatibility and to distribute the
patch.<<

How can you allow a vendor to take 6 months to a year to release a patch and
then say 6 days is plenty of time to test and patch?

You know, I was sure when MS announced there would be 6 patches for august
that one of them would be one of these
http://www.eeye.com/html/research/upcoming/index.html but I guess not... 141
days and counting, and it will get released when MS hears that someone has
written and released an exploit for it, then of course all of us have 6 days
to live..

Geo.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



-- 
ME2  <http://www.santeriasys.net/>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

It's not that simple... [Was: Re: Disney Down?] Fergie (Paul Ferguson) (Aug 17)
- Re: It's not that simple... [Was: Re: Disney Down?] Micheal Espinola Jr (Aug 17)
  - RE: It's not that simple... [Was: Re: Disney Down?] Geo. (Aug 17)
    - Re: It's not that simple... [Was: Re: Disney Down?] Micheal Espinola Jr (Aug 17)
    - Re: It's not that simple... [Was: Re: Disney Down?] Ron DuFresne (Aug 17)
    - Re: It's not that simple... [Was: Re: Disney Down?] fd (Aug 18)
    - Re: It's not that simple... [Was: Re: Disney Down?] Nick FitzGerald (Aug 18)
    - Re: It's not that simple... [Was: Re: Disney Down?] Ron DuFresne (Aug 22)
    - Re: It's not that simple... [Was: Re: Disney Down?] James Tucker (Aug 19)
    - Re: It's not that simple... [Was: Re: Disney Down?] Barrie Dempster (Aug 19)
  - Re: It's not that simple... [Was: Re: Disney Down?] Ron DuFresne (Aug 17)
  - Re: It's not that simple... Florian Weimer (Aug 17)
    - Re: Re: It's not that simple... Jason Coombs (Aug 17)
    - Re: Re: It's not that simple... Kurt Seifried (Aug 17)

(Thread continues...)