Message-ID: <1067651005.1402.19.camel@jameshome>
From: hackerwacker at cybermesa.com (james)
Subject: Gates: 'You don't need perfect code' for good security
On Fri, 2003-10-31 at 16:50, Beaty, Bryan wrote:
> Correct me if I am wrong but...
I'll be glad to.
>
> I believe every worm listed below could have been prevented had everyone
> patched their systems.
> I would like the security community to take more responsibility for
> their own (in)actions. If you were hit by Blaster then you failed to
> enforce a good patch management policy. Whose fault is that? Patch
> management is boring and so we often ignore it. Hackers and worms simply
> take advantage of our laziness. I guess Blaster could be a form of
> social engineering. "I know admins don't patch so I can write a worm and
> kill the world."
Since you directed this to the "security community" it seems you
are speaking to IT folk and not end users. I **cannot** apply
MS patches till they go through quite a bit of testing. I have been
bitten with production boxes that are rendered unusable after a round
of MS patches. We are a BSD/Linux shop with just a few MS boxes but it
still takes a lot of time to make sure the patch(es) will work with
various configurations and applications. I **shudder** to think what
orgs that are all MS have to do to deploy patches.
Whose fault is that?