RE: AW: [Full-Disclosure] no more public exploits

From: Blake Wiedman (bwiedman_at_iconsinc.com)
Date: 04/29/04

    To: "'Ng, Kenneth (US)'" <kenng@kpmg.com>, "'Bernard J. Duffy'" <bduffy@gmail.com>, <full-disclosure@lists.netsys.com>
    Date: Wed, 28 Apr 2004 18:16:23 -0400
    
    

    Just a bit of info.

    Military patching usually adheres to the following standard (I was in
    the Air Force so when I state military I mean AF)

    1. Microsoft releases a patch.

    2. DISA reviews it.

    3. Either the same day or longer, DISA informs local MAJCOM NOCs.

    4. Local MAJCOM NOCs receive the patch notification and a deadline for
    applying the patch.

    5. The patch can either be received from DISA if provided or if not
    provided downloaded directly from Microsoft.

    6. SAs and MAJCOM NOCs must give a status report as to which machines
    were updated and which were not.

    7. Status and patch implementation is entered into monthly metrics.

    This is a very basic overview.

    -----Original Message-----
    From: full-disclosure-admin@lists.netsys.com
    [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Ng, Kenneth
    (US)
    Sent: Wednesday, April 28, 2004 5:37 PM
    To: 'Bernard J. Duffy'; full-disclosure@lists.netsys.com
    Subject: RE: AW: [Full-Disclosure] no more public exploits

    The military does have a lot of rules, some are followed more than
    others. A friend got about 20 copies of the Melissa email worm on a
    computer that was on a network that was supposed to be completely
    isolated from the outside. How much you wanna bet someone decided to
    save a few dollars by dual homing a few PCs? Heck, I've seen someone
    dual home an NT4 box with every service known to man turned on, zero
    patches, TO THE INTERNET. Thank god he didn't have the right default
    route.

    -----Original Message-----
    From: full-disclosure-admin@lists.netsys.com
    [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Bernard J.
    Duffy
    Sent: Wednesday, April 28, 2004 3:38 PM
    To: full-disclosure@lists.netsys.com
    Subject: Re: AW: [Full-Disclosure] no more public exploits

    Are you saying that the military has standardized best practices that
    mandate the immediate installation of vendor OS patches? If they do, I
    highly doubt that such policies are widely adhered to.

    The fact is, quickly released security patches can and often do break
    applications, particularly when the system configuration is less
    common. Ask any Windows NT administrator about that.

    I would venture to guess that you would not be a happy camper if the
    IT organization supporting the systems that process your payroll or
    banking applied code fixes without a robust testing procedure.

    Bernard Duffy
    bduffy@nycap.rr.com

    On Wed, 28 Apr 2004 13:13:04 +0800, tcleary2@csc.com.au
    <tcleary2@csc.com.au> wrote:
    >
    > Cael Abal said:
    >
    > >Realistically, the lack of a widespread published exploit means an
    > >attack on any given machine is less likely. An admin who chooses
    > >to ignore these probabilities isn't looking at their job with the
    > >right perspective.
    >
    > You missed the "IMHO".
    >
    > In the Military your generalisation is probably not a self-evident
    > truth.
    >
    > To quote another poster's sig. "Knowing what you don't know is more
    > important than knowing what you know." and I would add that that's
    > because what you do know you can try to deal with.
    >
    > Enough of the philosophy class.
    >
    > Regards,
    >
    > tom.
    >
    > Tom Cleary - Security Architect
    > 
    > "In IT, acceptable solutions depend upon humans - Computers don't
    > negotiate."
    >
    ------------------------------------------------------------------------
    ----
    ------------
    > This is a PRIVATE message. If you are not the intended recipient,
    please
    > delete without copying and kindly advise us by e-mail of the mistake
    in
    > delivery. NOTE: Regardless of content, this e-mail shall not operate
    to
    > bind CSC to any order or other contract unless pursuant to explicit
    > written agreement or government initiative expressly permitting the
    use of
    > e-mail for such purpose.
    >
    ------------------------------------------------------------------------
    ----
    ------------
    > 
    > 
    > 
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html
    >
