Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Getting Off the Patch

From: "Cal Leeming [Simplicity Media Ltd]" <cal.leeming () simplicitymedialtd co uk>
Date: Thu, 20 Jan 2011 02:16:47 +0000
failovers*

On Thu, Jan 20, 2011 at 2:16 AM, Cal Leeming [Simplicity Media Ltd] <
cal.leeming () simplicitymedialtd co uk> wrote:


If the IOS has a remote exp vuln, then hell yes. That is, until the client
tells us to go f*ck ourselves as the downtime would affect their SLAs and
they don't have fall overs in place. lol.

On Thu, Jan 20, 2011 at 2:06 AM, Pete Smith <seclists () decapitate us>wrote:


All,

I agree with most of the stuff that Thor has been saying and from what I
have read this has mostly been centred around patching software on servers.
However most large companies take the don't patch or patch infrequently
stance when it comes to network infrastructure, Cisco, Juniper, 3COM, HP and
other large network infrastructure companies by no means have a clean record
when it comes to vulnerabilities in their software but yet businesses will
often not patch even in environments that are highly redundant and can be
rebooted with no or little impact.

Can anyone seriously say that they patch every time Cisco releases a new
version of IOS?

...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: