lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4D3094DB.7010009@isecom.org>
Date: Fri, 14 Jan 2011 19:24:27 +0100
From: Pete Herzog <lists@...com.org>
To: Christian Sciberras <uuf6429@...il.com>
Cc: Zach C <fxchip@...il.com>,
	"full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Getting Off the Patch

On 1/14/2011 4:44 PM, Christian Sciberras wrote:
> tested reliable in as much little time. According to the reliability of
> the patch, one would also assume that worst case scenarios involve
> *just* rolling back changes, again, not really loosing anything at all.

The problem with just rolling back is that if you rely on patches for 
security then that's rolled back too. So you do lose that. The other 
issue is enterprises that leave auto-updating on for all hosts and 
then don't have a reliable means to roll-back and certainly not for 
all the systems updated.

-pete.

-- 
Pete Herzog - Managing Director - pete@...com.org
ISECOM - Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org
www.hackerhighschool.org - www.badpeopleproject.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ