lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1079995363.10512.34.camel@flybynight>
From: lscharf at aoe.vt.edu (Luke Scharf)
Subject: When do exploits get used?

On Mon, 2004-03-22 at 17:13, Jay Beale wrote:
> Patching isn't really 90%.  It seems like that because organizations 
> still aren't keeping up with patches and thus don't know what would have 
> happened if they had.  It seems like that because we're not getting 
> caught in the first two parts of our windows of vulnerability that often 
> just yet.  If a worm comes out in time window 1 or 2, your 1-hour patch 
> turnaround won't save you.

My point is that if one forgets the fundamentals, all of the
firewalling, GPO setups, nifty scripts, and other work is useless.

What good is your firewall if you forgot to patch it and it's being
controlled from outside? :-)

-Luke

-- 
Luke Scharf, Systems Administrator
Virginia Tech Aerospace and Ocean Engineering

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ