lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1079994704.10512.24.camel@flybynight>
From: lscharf at aoe.vt.edu (Luke Scharf)
Subject: When do exploits get used?

On Mon, 2004-03-22 at 17:13, Jay Beale wrote:
> You may find this discussion academic.  But the exploit writers and the 
> worm writers are getting faster.  And that's what should scare us into 
> moving beyond patches.  That's what should get us moving to better 
> network and host configurations.  That's what should get us to evaluate 
> patching as, at most, the easy, but most critical, 50%.

I would say that we could all agree that not patching is a recipe for
disaster -- and that it's very easy to keep up to date. 

But, my 90% figure comes from the accidental plugging of unpatched
Windows machines into the open network.  Every time I do that, the
machine is running msblast in a few minutes.  And as near as I tell,
it's not my machines that are doing it (except for that one unpatched
machine that I spend an hour rebuilding)...

-Luke

-- 
Luke Scharf, Systems Administrator
Virginia Tech Aerospace and Ocean Engineering


Powered by blists - more mailing lists