[<prev] [next>] [day] [month] [year] [list]
Message-ID: <871080DEC5874D41B4E3AFC5C400611E06B47666@UTDEVS02.campus.ad.utdallas.edu>
From: pauls at utdallas.edu (Schmehl, Paul L)
Subject: [Fwd: Edwards AFB shut down by W32Blaster] (fwd)
> -----Original Message-----
> From: Stephen Clowater [mailto:steve@...vesworld.hopto.org]
> Sent: Wednesday, August 20, 2003 9:16 AM
> To: Schmehl, Paul L; full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] [Fwd: Edwards AFB shut down by
> W32Blaster] (fwd)
>
> And the people who run unix networks, well, the sysadmins
> usally are spolied.
> They can leave that solaris box running 34 proccessors in the
> corner, and
> have any other box talk to it without trouble. So when it
> goes down, after
> sitting in a corner and not being touched physically for
> about 2 years,
Spoiled is right. And I have to beat on them severely to get them to
understand that they *too* must patch their boxes. It used to be a
bragging point to say "my box has been up for 2398 days without a
crash". Now it's just a sign of stupidity. *No* OS can go without
patching for more than 30 days anymore. It's simply not safe.
I'll grant you, Windows is way worse than all the others, and a much
bigger PITA besides, but all of them must be patched, regularly,
routinely, frequently, or you will be owned. The problem is that way to
many *nix admins still think it's OK to be up for 2398 days without
patching. (And yes, I *do* know that many patches merely require a kill
-HUP. Not all do. You can't use a new kernel until you reboot, and all
you need to do is look at the security notices for new kernels to
realize that that alone is a regular occurrence.)
Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/
Powered by blists - more mailing lists