lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <40015EB0.1070209@verizon.net>
From: hescomingsoon at verizon.net (William Warren)
Subject: [inbox] Re: 3 new MS patches next week... but
 none fix

no not actually..most patches for linux patch the third party apps for 
the distribution..the only ones that require mods to the kernel are 
kernel vulns and theya re few and far between.

Exibar wrote:

>
>  
>
>>I think it is a totally lame approach.  The patch distribution problem
>>has been pretty much solved by other vendors.  We would all sleep better
>>at night if M$ would just get a clue.  Oh well.
>>
>>tim
>>    
>>
>
>
>  It's not that Microsoft doesn't have a clue, they do.  We are getting
>regular patches for holes that are found are we not?  If they didn't have a
>clue, we would have yearly patches or none at all.  Ok, there may be some
>holes that aren't patched yet, but I'm sure they're working on them and
>they're coming.  Some patches just have to take precedence over others.
>
>  I've seen quite a few vulnerabilities come across this list in this past
>week, not many have vendor fixes yet either.  This is not a Microsoft
>exclusive problem.  We need a better way to patch systems, ALL systems.
>
>   I've said it once on another list, and I'll say it here, we need a sort
>of "patching server" that is on an isolated subnet.  When a machine first
>connects to the network, it gets an IP address and is only allowed to talk
>to the patching server(s).  Once the patching servers (for ALL OS's mind
>you) determine that the machine is up to date with it's patches, then and
>only then is it allowed to connect to the production network.
>
>  Now this won't take care of 0-day exploits for 0-day vulns, but it would
>have taken care of 95% of the scrambles that a lot of companies went through
>last year.
>
>
>  Let me ask this question, if you were running a company with 30,000 LINUX
>boxes.  How would you patch all of them?  Don't a lot of Linux patches
>require a re-build of the kernel?
>
>  Exibar
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>  
>

-- 
May God Bless you and everything you touch.

My "foundation" verse: 
Isaiah 54:17 No weapon that is formed against thee shall prosper; and every tongue that shall rise against thee in judgment thou shalt condemn. This is the heritage of the servants of the LORD, and their righteousness is of me, saith the LORD.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ