lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: hackerwacker at cybermesa.com (james)
Subject: Gates: 'You don't need perfect code' for
	good security

On Fri, 2003-10-31 at 16:50, Beaty, Bryan wrote:
> Correct me if I am wrong but...

I'll be glad to.

> 
> I believe every worm listed below could have been prevented had everyone
> patched their systems.

> I would like the security community to take more responsibility for
> their own (in)actions. If you were hit by Blaster then you failed to
> enforce a good patch management policy. Who's fault is that? Patch
> management is boring and so we often ignore it. Hackers and worms simply
> take advantage of our laziness. I guess blaster could be a form of
> social engineering. "I know admins don't patch so I can write a worm and
> kill the world." 


Since you directed this to the "security community" it seems you
are speaking to IT folk and not end users. I **cannot** apply
MS patches till they go through quite a bit of testing. I have been 
bitten with production boxes that are rendered unusable after a round 
of MS patches. We are a BSD/Linux shop with just a few MS boxes but it
still takes a lot of time to make sure the patch(es) will work with
various configurations and applications. I **shudder** to think what
orgs that are all MS have to do to deploy patches.

Who's fault is that?








Powered by blists - more mailing lists