Open Source and information security mailing list archives
 
Message-ID: <871080DEC5874D41B4E3AFC5C400611E06B47666@UTDEVS02.campus.ad.utdallas.edu>
From: pauls at utdallas.edu (Schmehl, Paul L)
Subject: [Fwd: Edwards AFB shut down by W32Blaster] (fwd)

> -----Original Message-----
> From: Stephen Clowater [mailto:steve@...vesworld.hopto.org] 
> Sent: Wednesday, August 20, 2003 9:16 AM
> To: Schmehl, Paul L; full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] [Fwd: Edwards AFB shut down by 
> W32Blaster] (fwd)
> 
> And the people who run unix networks, well, the sysadmins 
> usually are spoiled. 
> They can leave that solaris box running 34 processors in the 
> corner, and 
> have any other box talk to it without trouble. So when it 
> goes down, after 
> sitting in a corner and not being touched physically for 
> about 2 years,

Spoiled is right.  And I have to beat on them severely to get them to
understand that they *too* must patch their boxes.  It used to be a
bragging point to say "my box has been up for 2398 days without a
crash".  Now it's just a sign of stupidity.  *No* OS can go without
patching for more than 30 days anymore.  It's simply not safe.

I'll grant you, Windows is way worse than all the others, and a much
bigger PITA besides, but all of them must be patched, regularly,
routinely, frequently, or you will be owned.  The problem is that way too
many *nix admins still think it's OK to be up for 2398 days without
patching.  (And yes, I *do* know that many patches merely require a kill
-HUP.  Not all do.  You can't use a new kernel until you reboot, and all
you need to do is look at the security notices for new kernels to
realize that that alone is a regular occurrence.)

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 

