Re: [Full-Disclosure] The worm author finally revealed!

From: HggdH (hggdh@attbi.com)
Date: 01/31/03

    From: "HggdH" <hggdh@attbi.com>
    To: <full-disclosure@lists.netsys.com>
    Date: Fri, 31 Jan 2003 09:05:05 -0600
    

    From: <futureshoks@hushmail.com>
    (...)
    |
    | Just imagine you pulled the plug on your company's webserver because they
    were running an un-patched IIS (and you're running IIS because some
    development manager decided it was The Right Thing). Your CEO comes storming
    down saying they are losing business and the reputation of the company is
    being damaged. What do you do? Retort with "well a hacked webserver would be
    more damaging". What do you think (s)he'll say? "Oh OK then, I see your
    point. Keep the servers down until it's patched and thank you for your
    proactive stance". Or more likely "get the servers back on-line or you are
    fired".
    |
    (...)

    Thank the Almighty someone here actually works in a company like all
    companies I worked for. No, immediate patching does not happen all the
    time, and immediate response (i.e. fixing the code) does not happen all the
    time.

    You, or your manager, or your manager's manager (or, who knows, your intern)
    will always be making a call. Just like what you do when you are getting
    near to a crossing, and the traffic lights start to change. Most of the
    time you do not need to be a prophet to make the right call, but not
    always. Sometimes (in fact, a whole lot of them) making the wrong call does
    not hurt you.

    ..hggdh..

    "I completely hate extremists"

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


