| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: rahnemann at affinity-mortgage.com (Robert Ahnemann) Subject: No Subject (re: openssh exploit code?) > -----Original Message----- > From: Montana Tenor [mailto:montanatenor@...oo.com] > Sent: Tuesday, October 21, 2003 3:05 PM > To: Schmehl, Paul L > Cc: mitch_hurrison@...lip.com; full-disclosure@...ts.netsys.com > Subject: RE: [Full-Disclosure] No Subject (re: openssh exploit code?) > > I agree with Mitch. Lets say you get an advisory that > a severe thunderstorm may be coming your way. Do you > wait until the wind and rain are blowing inside your > house to close the windows and doors. Do you allow > the kids to keep playing outside? You do the prudent > thing. Instead of trying to brute-force Mitch into > this, think about why doing the right thing to protect > the long term interests of your business is the RIGHT > thing to do. I flip to the local radar and get some sort of proof that there might be a thunderstorm coming. Talk is cheap (as was said), so its up to the admin to verify if A) there is a real threat B) the threat applies to your systems C) the threat damage is worth the damage of 'unscheduled downtime' (for the analogy challenged: radar = some sort of proof of concept or something of the likes) Of course, I'm just a silly win2k Admin on a 50 pc network which don't run more than a couple uptime sensitive apps, but I think I have the basics down as far as some of this stuff goes.
Powered by blists - more mailing lists