lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <033401c43793$558ab390$3f05a8c0@bfgapollo1>
From: kurtbuff at spro.net (Kurt)
Subject: Calcuating Loss

Yup.

I do it all the time.

Management is simply not interested in providing a test network. I can't
even seem to scrounge a couple of desktop-class machines most of the
time.

It's pathetic, but it's the way that many companies operate.

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Harlan
Carvey
Sent: Tuesday, May 11, 2004 08:38
To: Full-Disclosure
Cc: Clint Bodungen
Subject: Re: [Full-Disclosure] Calcuating Loss


Clint...

Two words..."testing process".  What happened to that?
 Don't tell me you're installing patches directly to
production systems...

--- Clint Bodungen <clint@...ureconsulting.com> wrote:
> How about when Micro$oft releases a bundled patch
> (cough cough MS04-011) to
> fix several bugs and security holes (supposedly to
> help "minimize loss" from
> these bugs and worms) only to find out that the
> patch itself has broken just
> as many services as it fixed, taking down one's
> server for a few hours,
> causing yet... more loss!  ;-)
>
>
>
> ----- Original Message -----
>
> > Loss?
> >
> > One of my biggest complaints is the way the
> industry "loses billions"
> > whenever a virus or worm breaks out.
> >
> > I mean, securing and maintain your server is not a
> loss. Installing and
> > updating your anti virus or IDS package is not a
> loss. All of these
> > things should have been done anyway.
> >
> > If a server goes off line, I guess you could
> measure the revenue it may
> > have produced as a loss, but technically, that is
> lack of income, not
> > true loss.
> >
> > If you see someone complaining about all the money
> they lost doing what
> > they should have been doing all along, I just see
> spin. And politics.
> >
> > M
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ