[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1068758377.11682.20.camel@Star.BerthoudWireless.net>
From: security at 303underground.com (Scott Taylor)
Subject: SSH Exploit Request
On Thu, 2003-11-13 at 13:19, Valdis.Kletnieks@...edu wrote:
> On Thu, 13 Nov 2003 12:08:41 EST, Robert Davies <phantasm@...tbox.net> said:
>
> > I am quite bothered out the ass by well paid admins that are too damn lazy
> > to spend the few minutes it takes to repair a flawed service. Either start
> > doing your job, or get the hell out of the way for those of us that want to
> > do the job required properly!
>
> Actually, the *original* problem was that the OP *wanted* to apply the patch
> to fix a flawed service, but was prevented from doing so by a flawed policy.
>
> Now tell me - would *you* install the patch anyhow, knowing that (possibly)
> doing so without all the change-control paperwork being done correctly
> would mean your ass would be canned and you'd be looking for another job?
"Change Control" paperwork is the bane of security folks. I have most
often been on the network/firewall side of things and had been expected
to block access at the network level to make up for slow patching from
the sysadmin side. I was at least lucky enough to have a management
chain that understood the importance of security enough to verbally
approve any reasonable requests from our team on short notice.
There is definitely a need for change control and regression testing.
Especially when microsoft servers are concerned. Who hasn't seen a site
go down or a computer bluescreen or something equally fatal to the
system after a microsoft patch was applied? They obviously can't be
bothered to test their software, so its up to users concerned with
uptime to test it themselves before applying patches to production
servers.
But it really does take both sides to keep systems safe. Not everything
can be filtered at the network level, and threats are not exclusively
from "the internet". Unhappy employees or otherwise compromised machines
can further exploit the internal network.
--
Scott Taylor - <security@...underground.com>
BOFH Excuse #209:
Only people with names beginning with 'A' are getting mail this week (a la Microsoft)
Powered by blists - more mailing lists