From: keydet89 at yahoo.com (Harlan Carvey)
Subject: Calcuating Loss

Kurt,

I understand.  I just left the private sector.  The
best I could get the IT folks to do was to roll the
patches out on less critical systems first.  However,
even that didn't keep things from happening w/ regards
to SQL Server...one issue was traced back (by
Microsoft, no less) to a hotfix.



--- Kurt <kurtbuff@...o.net> wrote:
> Yup.
> 
> I do it all the time.
> 
> Management is simply not interested in providing a
> test network. I can't
> even seem to scrounge a couple of desktop-class
> machines most of the
> time.
> 
> It's pathetic, but it's the way that many companies
> operate.
> 
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com]On
> Behalf Of Harlan
> Carvey
> Sent: Tuesday, May 11, 2004 08:38
> To: Full-Disclosure
> Cc: Clint Bodungen
> Subject: Re: [Full-Disclosure] Calcuating Loss
> 
> 
> Clint...
> 
> Two words..."testing process".  What happened to
> that?
>  Don't tell me you're installing patches directly to
> production systems...
> 
> --- Clint Bodungen <clint@...ureconsulting.com>
> wrote:
> > How about when Micro$oft releases a bundled patch
> > (cough cough MS04-011) to
> > fix several bugs and security holes (supposedly to
> > help "minimize loss" from
> > these bugs and worms) only to find out that the
> > patch itself has broken just
> > as many services as it fixed, taking down one's
> > server for a few hours,
> > causing yet... more loss!  ;-)
> >
> >
> >
> > ----- Original Message -----
> >
> > > Loss?
> > >
> > > One of my biggest complaints is the way the industry "loses billions"
> > > whenever a virus or worm breaks out.
> > >
> > > I mean, securing and maintaining your server is not a loss. Installing and
> > > updating your anti virus or IDS package is not a loss. All of these
> > > things should have been done anyway.
> > >
> > > If a server goes off line, I guess you could measure the revenue it may
> > > have produced as a loss, but technically, that is lack of income, not
> > > true loss.
> > >
> > > If you see someone complaining about all the money they lost doing what
> > > they should have been doing all along, I just see spin. And politics.
> > >
> > > M
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> 

