Open Source and information security mailing list archives
 
Message-ID: <20040702235504.951D34BDAB@ws1-1.us4.outblaze.com>
From: isec at europe.com (Willem Koenings)
Subject: Web sites compromised by IIS attack

> > Like I said, Do you REALLY want a vendor to install patches for you? 
> 
> Absolutely. Have them send a technician ON SITE. Have them STAY and fix 
> the product until it is working. (Free of charge mind you... just like 
> the free repair of a recalled water pump for your car). If applied 
> patches crash the system further, it is the responsibility of that 
> technician (representing the vendor) to get it back in working order. 

frank, this is not a kindergarten list. this is not a housewife support
list. this is a security list, this is a full disclosure list. period.
any adequate member of this list should and must apply security fixes
and patches by himself/herself, after testing. if there are no patches
released meanwhile, he/she should be reasonably adequate to take
measures to mitigate attack vectors until fixes are released. allowing
a third party technician to access your system and install unverified
patches is a serious security issue.

willem

