From: full-disclosure at nym.hush.com (full-disclosure@....hush.com)
Subject: Learn from history?

>> 1. Keep informed.
>Sure. I'll inform all my 300 customers MS release a bug today, 
>and I'll drop by to all of them to patch tomorrow.

"You" is implied in that statement.

>> 2. Install patches as soon as possible
>That would involve running Windows Automated Update every night
>automagically...

1.  Microsoft already provides that feature
2.  As soon as possible for "you"

>> 2. If a patch cannot be installed, find workarounds
>That does not work with the workarounds customer need to facilitate
>life (security <> ease of use, remember)

And the computers/networks will be so easy to use when lines are saturated,
file systems are corrupted or data are stolen.

>> 3. If it is a port-related threat, find out if such ports are 
>> in use, and if not, make sure they are closed. 
>Once the virus is on the LAN it can do whatever it wants.

Hello!  Block the ports BEFORE they hit the LAN.  Proactive security.
Also, do us a favor and don't propagate the shit!

>> Some of the comments overheard this week regarding Sasser:
>I did propose some firewall, but they feel it's too much EUREUREUREUR

And you provided some sort of analysis showing potential losses due to
the lack of a security infrastructure, right?  

>> Will they learn from history? Only history will tell.
>I'm pretty sure they won't. Even most tech guys don't have a clue.

Evidently, thanks for your example.

