| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: kurtbuff at spro.net (Kurt) Subject: Calcuating Loss I have taken that route myself - I did it first on my NT4 print server, then (ye gods!) on my spare NT4 BDC, then on my small SQL server, then on my ERP and CRM systems, then on my other DCs, my Exchange box and my other production servers. Sweating bullets the whole time, and making sure that my most recent backups had good EOJ notifications. Sigh... -----Original Message----- From: Harlan Carvey [mailto:keydet89@...oo.com] Sent: Tuesday, May 11, 2004 13:26 To: 'Full-Disclosure' Cc: kurtbuff@...o.net Subject: RE: [Full-Disclosure] Calcuating Loss Kurt, I understand. I just left the private sector. The best I could get the IT folks to do was to roll the patches out on less critical systems first. However, even that didn't keep things from happening w/ regards to SQL Server...one issue was traced back (by Microsoft, no less) to a hotfix. --- Kurt <kurtbuff@...o.net> wrote: > Yup. > > I do it all the time. > > Management is simply not interested in providing a > test network. I can't > even seem to scrounge a couple of desktop-class > machines most of the > time. > > It's pathetic, but it's the way that many companies > operate. > > -----Original Message----- > From: full-disclosure-admin@...ts.netsys.com > [mailto:full-disclosure-admin@...ts.netsys.com]On > Behalf Of Harlan > Carvey > Sent: Tuesday, May 11, 2004 08:38 > To: Full-Disclosure > Cc: Clint Bodungen > Subject: Re: [Full-Disclosure] Calcuating Loss > > > Clint... > > Two words..."testing process". What happened to > that? > Don't tell me you're installing patches directly to > production systems... > > --- Clint Bodungen <clint@...ureconsulting.com> > wrote: > > How about when Micro$oft releases a bundled patch > > (cough cough MS04-011) to > > fix several bugs and security holes (supposedly to > > help "minimize loss" from > > these bugs and worms) only to find out that the > > patch itself has broken just > > as many services as it fixed, taking down one's > > server for a few hours, > > causing yet... more loss! ;-) > > > > > > > > ----- Original Message ----- > > > > > Loss? > > > > > > One of my biggest complaints is the way the > > industry "loses billions" > > > whenever a virus or worm breaks out. > > > > > > I mean, securing and maintain your server is not > a > > loss. Installing and > > > updating your anti virus or IDS package is not a > > loss. All of these > > > things should have been done anyway. > > > > > > If a server goes off line, I guess you could > > measure the revenue it may > > > have produced as a loss, but technically, that > is > > lack of income, not > > > true loss. > > > > > > If you see someone complaining about all the > money > > they lost doing what > > > they should have been doing all along, I just > see > > spin. And politics. > > > > > > M > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: > http://lists.netsys.com/full-disclosure-charter.html > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: > http://lists.netsys.com/full-disclosure-charter.html > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists