lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20030130110826.A32714@mutilation.org>
From: pipes at mutilation.org (Pipes Cuchifrito)
Subject: The worm author finally revealed!


>With regards patching systems: have you ever worked in a *real* operations post? Have you ever had developers of your main product say to you "no you can't upgrade to SP6a as it's break the main engine". No matter how much you beg and plead to get this fixed they don't have the resources. What you gonna say? "Fuck you then I'm unplugging the Live servers"?

If you are working with developers who refuse to patch software for security reasons, then you arnt working in a *real* operations post. You are working at a post where you would like to think you are working operations so yes, you proberly could get away with unplugging servers. 


>That maybe ok for you with your funky little OpenBSD box at home running nothing that your toolz and acting as a router for your little sister to AIM through, but here in the real world we have to deal with testing cycles, buggy code, patches that don't behave as advertised, uptime clauses in contracts, being forced to run damn Windows because that's what the Management want and having to support some shitty but crucial piece of code written in VB.


Then you arn't payed to do security. Get your contract updated and go back to calling yourself helpdesk.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ