Open Source and information security mailing list archives
 
From: pipes at mutilation.org (Pipes Cuchifrito)
Subject: The worm author finally revealed!


>With regards patching systems: have you ever worked in a *real* operations post? Have you ever had developers of your main product say to you "no you can't upgrade to SP6a as it'll break the main engine". No matter how much you beg and plead to get this fixed they don't have the resources. What you gonna say? "Fuck you then I'm unplugging the Live servers"?

If you are working with developers who refuse to patch software for security reasons, then you aren't working in a *real* operations post. You are working at a post where you would like to think you are working operations so yes, you probably could get away with unplugging servers.


>That maybe ok for you with your funky little OpenBSD box at home running nothing that your toolz and acting as a router for your little sister to AIM through, but here in the real world we have to deal with testing cycles, buggy code, patches that don't behave as advertised, uptime clauses in contracts, being forced to run damn Windows because that's what the Management want and having to support some shitty but crucial piece of code written in VB.


Then you aren't paid to do security. Get your contract updated and go back to calling yourself helpdesk.
