Message-ID: <4059E001.9020805@emmanuelcomputerconsulting.com>
From: hescominsoon at emmanuelcomputerconsulting.com (William Warren)
Subject: Re: Microsoft Security, baby steps ?

More enterprises would automate patching if MS's track record on their 
patches was not so bad...in this regard I am talking about their 
patches either introducing new holes or breaking critical applications....

Schmehl, Paul L wrote:

>>-----Original Message-----
>>From: full-disclosure-admin@...ts.netsys.com 
>>[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of 
>>Full-Disclosure
>>Sent: Thursday, March 18, 2004 2:17 AM
>>To: full-disclosure@...ts.netsys.com
>>Subject: RE: [Full-Disclosure] Re: Microsoft Security, baby steps ?
>>
>>In a corporate environment, you will have SUS or SMS 
>>running. If so, no need for internet access.
>>
> 
> I'm seeing statements like this more and more, on this list and others,
> and it's really starting to bug me.  (Not picking on you personally.)
> Most of the attacks on corporate boxes come from the inside.  Blocking
> internet access does very little to protect you.  Don't believe it?
> Then explain how Slammer and Sobig and Mydoom and Nachi and Blaster
> managed to spread in corporate environments that have very good
> firewalling.
> 
> Putting up a firewall is one small step in a very large process that
> gets you some semblance of security.  You are not "safe" simply because
> the firewall is up and running.  All it takes is *one* improperly
> maintained box on the inside to be compromised/infected, and the hacker
> is off to the races.  What will SUS/SMS do for you then?
> 
> By all means, automate patching.  But for god's sake, don't think that
> once you've done that you're done!  You've only just begun.
>  
> Paul Schmehl (pauls@...allas.edu)
> Adjunct Information Security Officer
> The University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu/~pauls/ 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 

-- 
My "Foundation" verse:
Isa 54:17  No weapon that is formed against thee shall prosper; and 
every tongue that shall rise against thee in judgment thou shalt 
condemn. This is the heritage of the servants of the LORD, and their 
righteousness is of me, saith the LORD.

