Date: Sat, 15 Jan 2011 14:14:09 -0500
From: Dan Tulovsky <dant@...snow.com>
To: Григорий Братислава
	<musntlive@...il.com>
Cc: full-disclosure@...ts.grok.org.uk, lists@...com.org
Subject: Re: Remedy for Getting Off is Patch

This may be a troll, but it reminds me of something a fellow sysadmin
said in a meeting once:

"Firewalls?  Who needs firewalls?  If you properly maintain your end
system, you don't need a firewall."

2011/1/14 Григорий Братислава <musntlive@...il.com>:
> Hello full disclosure!!!
>
>   I'd like to warn you about Patches.  As is everyone knows,  patches
> is are pieces of is software that software manufacturers is make to
> fix their is horrendous programs.  Is you not patch,  you is get
> owned.  Gone is under sixty seconds.
>
> As is say on Wikipedia  --  "A security patch is a change applied to
> an asset to correct the weakness described by a vulnerability.  This
> corrective action will prevent successful exploitation and remove or
> mitigate a threat’s capability to exploit a specific vulnerability in
> an asset.  Security patches are the primary method of fixing security
> vulnerabilities in software.  Currently Microsoft releases its
> security patches once a month, and other operating systems and
> software projects have security teams dedicated to releasing the most
> reliable software patches as soon after a vulnerability announcement
> as possible.  Security patches are closely tied to responsible
> disclosure."
>
>
>   As in say by musntlive  --  "A security patch is is a change
> applied is to an asset is to correct ignorance and stupidities of
> developers of is application because is their application is
> ownerizable.  This is corrective action and is nothing more than is
> bandaid to prevent temporary exploitation and is remove vulnerability
> for short amount of is time.  Security patches is only method of
> vendors like is Microsoft is to cover their осёл.  'Is we is Microsoft
> and is sure we make sloppy software.'  All software is beta присоска!
> And is you is stupid for buying is software.  Security patches is
> closely tied with sloppy coding and is rushing to market."
>
>  Is argue by Thor (who is musntlive respect) as is is argument by
> Valdis (who is musntlive respect is усы) is Pete Herzog (who is
> musntlive respect) say:  'defense in depth'  --  "the more reason to
> implement an array of controls (defense in width) for the interactive
> points rather than rely on patches to fix ONLY the problems you know
> about."  Now is musntlive lay smack down on is everyone even is I
> respect all of you.
>
>  Is Pete you must understand is I pay $40,000.00 or give 10,000
> little сурок trade for software  -  I is expect software to is work
> how I want is work.  I is build my business on is this application so
> when is code is changed now I is has to maybe accept it yes or is not
> accept it.  Is I accept is change is software maybe break my system
> and is cost me money or possibly worse сурок!! Is who присоска
> now!!??!!??
>
>  Is patch no answer!!  Because is New Year musntlive offers everyone
> fair solution to is fix:  OpenBSD.  Now is when you have security
> issues since is your machine backdoored is you can ask Theo or the FBI
> to fix is your machine.
>
>
> Thank is you all for support in 2011
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
