Re: [Full-Disclosure] Web sites compromised by IIS attack

From: Aditya, ALD [ Aditya Lalit Deshmukh ] (aditya.deshmukh_at_online.gateway.technolabs.net)
Date: 07/01/04

  • Next message: Aditya, ALD [ Aditya Lalit Deshmukh ]: "Re: [Full-Disclosure] Web sites compromised by IIS attack (fully off topic!)"
    To: "Denis Dimick" <denis@dimick.net>, "Frank Knobbe" <frank@knobbe.us>
    Date: Thu, 1 Jul 2004 11:08:55 +0530
    
    

    > > Right. But we also need better methodologies for vendors to fix their
    > > products. The emphasis here is on "the vendor fixing the broken
    > > product". It should not be a burden on the consumer, but on the vendor.
    > >
    >
    > Like I said, Do you REALLY want a vendor to install patches for you?

    I would never trust any patch from Red Hat / Sun System / Microsoft without actually testing it on a sacrificial lamb before going into production use.

                                                          

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

