nanog mailing list archives
RE: update
From: "Keith Medcalf" <kmedcalf () dessus com>
Date: Sun, 28 Sep 2014 15:06:18 -0600
On Sunday, 28 September, 2014 14:47, Valdis.Kletnieks () vt edu said:
On Sun, 28 Sep 2014 02:39:15 -0400, William Herrin said:
The vulnerabilities were there the whole time, but the progression of discovery and dissemination of knowledge about those vulnerabilities makes the systems more vulnerable. The systems are more vulnerable because the rest of the world has learned more about how those systems may be successfully attacked.
Hopefully, Keith will admit that *THAT* qualifies as a "change" in his book as well. If attackers are coming at you with an updated copy of Metasploit, things have changed....
Sorry to disappoint, but those are not changes that make the system more vulnerable. They are externalities that may change the likelihood of exploitation of an existing vulnerability, but does not create any new vulnerability. Again, if the new exploit were targeting a vulnerability which was fully mitigated already and thus could not be exploited, there has not even been a change in likelihood of exploit or risk.
Current thread:
- RE: update, (continued)
- RE: update Keith Medcalf (Sep 27)
- Re: update Jimmy Hess (Sep 28)
- RE: update Keith Medcalf (Sep 28)
- Re: update Jay Ashworth (Sep 28)
- Re: update Barry Shein (Sep 29)
- Re: update Valdis . Kletnieks (Sep 29)
- Re: update Jay Ashworth (Sep 28)
- Re: update William Herrin (Sep 27)
- RE: update Keith Medcalf (Sep 28)
- Re: update Valdis . Kletnieks (Sep 28)
- RE: update Keith Medcalf (Sep 28)
- Re: update Valdis . Kletnieks (Sep 28)
- Re: update Pete Carah (Sep 28)
- Re: update Valdis . Kletnieks (Sep 29)
- Message not available
- Re: update Larry Sheldon (Sep 28)
- Re: update George Michaelson (Sep 28)
- Re: update Merike Kaeo (Sep 29)
- Re: update Stephen Satchell (Sep 28)
- Re: update Pete Carah (Sep 29)
- Re: update Jay Ashworth (Sep 28)