Date: Fri, 14 Jan 2011 19:24:27 +0100
From: Pete Herzog <lists@...com.org>
To: Christian Sciberras <uuf6429@...il.com>
Cc: Zach C <fxchip@...il.com>,
	"full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Getting Off the Patch

On 1/14/2011 4:44 PM, Christian Sciberras wrote:
> tested reliable in as much little time. According to the reliability of
> the patch, one would also assume that worst case scenarios involve
> *just* rolling back changes, again, not really losing anything at all.

The problem with just rolling back is that if you rely on patches for 
security then that's rolled back too. So you do lose that. The other 
issue is enterprises that leave auto-updating on for all hosts and 
then don't have a reliable means to roll back, and certainly not for 
all the systems updated.

-pete.

-- 
Pete Herzog - Managing Director - pete@...com.org
ISECOM - Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org
www.hackerhighschool.org - www.badpeopleproject.org
