RE: AW: [Full-Disclosure] no more public exploits

• Previous message: Starford, Christopher D.: "RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scan ners"
• Maybe in reply to: Baum, Stefan: "AW: [Full-Disclosure] no more public exploits"
• Next in thread: Ng, Kenneth (US): "RE: AW: [Full-Disclosure] no more public exploits"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "'Bernard J. Duffy'" <bduffy@gmail.com>, full-disclosure@lists.netsys.com
Date: Wed, 28 Apr 2004 22:10:24 +0200

> -----Original Message-----
> From: full-disclosure-admin@lists.netsys.com [mailto:full-disclosure-
> admin@lists.netsys.com] On Behalf Of Bernard J. Duffy
> Sent: Wednesday, April 28, 2004 3:38 PM
> To: full-disclosure@lists.netsys.com
> Subject: Re: AW: [Full-Disclosure] no more public exploits

[Soderland, Craig] Much Stuff filtered.

> I would venture to guess that you would not be a happy camper if the
> IT organization supporting the systems that process your payroll or
> banking applied code fixes without a robust testing procedure.

[Soderland, Craig] I'd be even less happy if my banking institution, or payroll department got hacked. A delay in getting to my accounts I can live with, and complete cleaning out I cannot.

The long and short of it is, you can patch, and break something, however if you go that route you can also back it out.

You can not patch, and be at someone else's mercy and perhaps not know what they have done or how to fix short of a rebuild.

Me, well I prefer to maintain the illusion of being the master of my own destiny.

Besides I've seen the time and effort required, if you do get hit, as opposed to the time and effort required to patch. I'll take the easy way out and patch.

----------------------------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

• Previous message: Starford, Christopher D.: "RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scan ners"
• Maybe in reply to: Baum, Stefan: "AW: [Full-Disclosure] no more public exploits"
• Next in thread: Ng, Kenneth (US): "RE: AW: [Full-Disclosure] no more public exploits"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: showq issues (looking for Mr. Cadier) ... (and Bill), ... Hi Craig, ... the patch was MPEMXK3 which has been superseded for each release in the 2 years since we corrected that. ... * To join/leave the list, search archives, change list settings, * ... (comp.sys.hp.mpe) Re: Cant create mail or open address book ... Download this patch also. ... It is due to come out as part of a Cumulative Patch in the future, but it is available now and may help you out. ... "Craig" wrote in message ... and install all updates as they are offered. ... (microsoft.public.windows.inetexplorer.ie6_outlookexpress) Re: ssh to FreeBSD 4 systems: xmalloc: zero size ... Can someone apply the patch to SSH to fix the regression ... Craig Rodrigues ... Can we get this fix into FreeBSD before the 7.1 RELEASE? ... (freebsd-stable) Re: 6.0-RC1 IPv6 losing local subnet route ... > Hello Craig, ... Been running with your patch all day and so far no problems whatsoever. ... the trick. ... To unsubscribe, ... (freebsd-net)