Re: Getting Off the Patch

[Pete Herzog <lists () isecom org>]

> Fortunately this isn't the type of list where people would challenge your "large company"

Thanks, good to know. And I was 18 when I did the sting operations. 
You misread (again).

> Now, what I did there was insulting, confrontational, and a general shitty thing to do.

Expected. Nothing that I wouldn't put past you.

> But with this approach, you are asking us to do the exact same thing when we

This is a very limited point of view and you are inferring this.

> You cannot use the "if you don't like my driving then stay off the sidewalk" defense

Wow, you're still inferring a whole bunch of things there and even 
saying things I didn't say. You are so taking this all out of context.


> I chose that example specifically because it represented an unpatched environment

Sorry you were dissatisfied with the examples. I'll try harder for you 
next time.

> I didn't find it a challenge to read at all; it was quite easy.

Criticism noted.

> Your stating that "you think that op-controls can't protect where patches

Of course your argument is your opinion. One that can be surely backed 
by many stats from many companies making money off that particular 
model. And those stats also show it doesn't work consistently. Why not 
try something different? I am presenting a different model is all. 
Sorry you don't like it. It works for others that have tried.

> I have clearly stated that these controls should already be in place, and

I disagree. I think it's a shame that someone who has occasionally 
decent things to say can be so brainwashed to suggest patching must be 
done. Good luck with that.

> I'm glad I have operated with the parameters of your expectation.

I'm happy now that you're glad :)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/