Full Disclosure mailing list archives

Re: Time to patch Windows boxes with MS08-067


From: Valdis.Kletnieks () vt edu
Date: Fri, 24 Oct 2008 10:51:38 -0400

On Fri, 24 Oct 2008 09:12:36 BST, n3td3v said:

> - why tell the bad guys you're frightened about them.

Umm... perhaps because the bad guys already have frikking exploits and
sharks with laser beams on their heads, and are using this in the wild, so
it doesn't matter that we tell them?

> - why frighten the good guys, and be frightened?

Because *most* people with more than 3 neurons like to be *told* to watch
out because there's frikking sharks with laser beams on their heads.

> - why rate threats to the public domain? why not keep it to yourself,
> it changes nothing apart from create a fear, and then all you have to
> fear is fear itself, when nothing may actually happen to you.

Actually, it changes a *LOT*.  It doesn't create a fear, it also makes
people patch their systems and deploy anti-shark devices.

> i don't even think we should be rating vulnerabilities either, they
> should all be one of the same, we shouldn't rate terrorism threats or
> hacker threat vulnerabilities or security incidents.

There's a 20% possibility of light showers somewhere in Great Britain
this afternoon.

There's a massive thunderstorm cell headed your way, with a 95% chance that
your street will be hit with 2-inch-diameter hail in the next 15 minutes. Seek
shelter immediately.

For those who don't live in areas where hail happens, here's a good video:
http://digg.com/lbv.php?id=8500112&ord=1

You rate those the same in terms of threat level to you?

There's a shark with laser beams on its head somewhere near Glasgow,
and it might be hungry.

There's a shark with laser beams on its head behind your couch, and
it hasn't eaten in two weeks.

You rate those the same in terms of threat level to you?

> is it not obvious to each individual how important something is, and
> allow them to give it their own rate privately, and not have a rate of
> fear that we should all adhere to.

Remember that the average user/admin is almost as clueless about security
as you are, and needs everything spelled out for them.

