lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed Aug 17 20:30:07 2005
From: michealespinola at gmail.com (Micheal Espinola Jr)
Subject: It's not that simple... [Was: Re: Disney Down?]

>From my perspective, developing a patch and applying a patch are two
different life cycles.  I'm no developer, but I know what it takes to
properly test and roll-out patches within my (current and previous)
organization(s).

I don't pretend to believe that all patches are the same, but this PnP
patch is one of the less difficult to deal with in terms of a
roll-out.  I truly believe this recent worm could have been avoided if
MS05-039 was taken more seriously.

I cannot say as to why MS hasn't addressed any other outstanding
issues.  While it's a valid concern of mine as well, it really doesn't
relate to the discussion regarding the MS05-039 fiasco.


On 8/17/05, Geo. <geoincidents@....net> wrote:
> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk
> [mailto:full-disclosure-bounces@...ts.grok.org.uk]On Behalf Of Micheal
> Espinola Jr
> 
> 
> >>Regardless of "a LOT of Windows 2000 out there...", these companies
> weren't bitten the same day the initial exploit was released.  6 days
> is plenty of time to have tested compatibility and to distribute the
> patch.<<
> 
> How can you allow a vendor to take 6 months to a year to release a patch and
> then say 6 days is plenty of time to test and patch?
> 
> You know, I was sure when MS announced there would be 6 patches for august
> that one of them would be one of these
> http://www.eeye.com/html/research/upcoming/index.html but I guess not... 141
> days and counting, and it will get released when MS hears that someone has
> written and released an exploit for it, then of course all of us have 6 days
> to live..
> 
> Geo.
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 


-- 
ME2  <http://www.santeriasys.net/>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ