| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: DaveHowe at cmn.sharp-uk.co.uk (David Howe) Subject: The worm author finally revealed! at Friday, January 31, 2003 7:52 PM, madsaxon <madsaxon@...ecway.com> was seen to say: > That happens where I work, too. Every new patch breaks something > else, and since a fair amount of our software is custom-designed, we > have to get the vendors to rush out and figure out how to patch their > stuff to be compatible with the new patch. That costs beaucoup > bucks, and meanwhile our clients are screaming because their > application is down. The next time a patch comes out, management is > very reluctant to allow us to install it, so we have to do a > cost-benefit analysis on which would be the greater evil: leaving the > vulnerability unpatched or pissing off our clients with yet another > period of downtime. If we don't patch, we get called "irresponsible" > and "lazy." Certainly true. then you have the wonderful microsoft habit of a later patch overwriting (and therefore silently backing out) an earlier patch's files, and the fact that some sites *legally can't* install the more recent service packs/patches as microsofts new licencing agreement conflicts with a legal duty of privacy for the data processed on that machine. > I personally argued strongly against Microsoft servers in the first > place, but of course that was pooh-poohed as just sour grapes from an > old Unix fossil. Unfortunately, its a cascade - new features of IE require windows servers, which require users to be using IE.....
Powered by blists - more mailing lists