Re[3]: www.hexblog.com down?

[Pierre Vandevenne <pierre () datarescue com>]

Good Day,

I thought I'd raise a few generic points about the whole issue. Funsec
probably isn't the place, but what the heck...

"sitting duck" mentality: when I first heard of the WMF problem, I
looked at it with my IT security background and thought, I, or my
company, was vulnerable to it. I looked, as I always do, at all the
solutions offered, and conceived cases where they would be
inefficient. We're a small company. We're trying to spend wisely. We
don't have a team of archi-certified sys-admins. We are running Gentoo
linux servers, but, as far as the workstation is concerned, nothing
beats Windows yet. Should our customer data be vulnerable to a
blissfully unaware accountant surfing the web with a vulnerable
system? Or should we disable the functionality we supposedly paid for
in order to weather the storm? If Ilfak hadn't worked here, I would
have asked the same question to our programmers: can we do something
about it? I agree with MS assessment that the current threat level is
a bit lower than hyped. But the potential is, without any doubt, there
to be exploited. So, if one can, why not act upon the problem?

"the net as a service": if the permanently "on" .NET (and others, can
you say Google?) point of view wins



-- 
Best regards,
 Pierre                            mailto:pierre () datarescue com

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.