From: hggdh at attbi.com (HggdH)
Subject: The worm author finally revealed!

From: <futureshoks@...hmail.com>
(...)
|
| Just imagine you pulled the plug on your company's webserver because they
were running an un-patched IIS (and you're running IIS because some
development manager decided it was The Right Thing). Your CEO comes storming
down saying they are losing business and the reputation of the company is
being damaged. What do you do? Retort with "well a hacked webserver would be
more damaging". What do you think (s)he'll say? "Oh OK then, I see your
point. Keep the servers down until it's patched and thank you for your
proactive stance". Or more likely "get the servers back on-line or you are
fired".
|
(...)

Thank the Almighty someone here actually works in a company like all
companies I worked for. No, immediate patching does not happen all the
time, and immediate response (i.e. fixing the code) does not happen all the
time.

You, or your manager, or your manager's manager (or, who knows, your intern)
will always be making a call. Just like what you do when you are getting
near to a crossing, and the traffic lights start to change. Most of the
time you do not need to be a prophet to make the right call, but not
always. Sometimes (in fact, a whole lot of them) making the wrong call does
not hurt you.

..hggdh..

"I completely hate extremists"


