Re: [Full-disclosure] Getting Off the Patch

---

• From: "Cal Leeming [Simplicity Media Ltd]" <cal.leeming@xxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Wed, 19 Jan 2011 09:13:29 +0000

---

Christian,

There is no 'direct alternative' as we have already established that there
is no "be all and end all" for security, it's when you layer these factors
on top of each other that it becomes more effective.

On Tue, Jan 18, 2011 at 11:45 PM, Christian Sciberras <uuf6429@xxxxxxxxx>wrote:

I'm getting a bit annoyed reading over and over arguments which I've
highlighted some time ago anyway (
http://www.mail-archive.com/full-disclosure@xxxxxxxxxxxxxxxxx/msg44454.html
).

The real question, what is the *direct* alternative to patching?

Don't say "sandboxing" because it doesn't always work.
And don't tell me about only installing the system critical issues only -
that's called "update by priority".
Also, please remember that we are talking against patching, not discussing
where patching works(/ is better) or not so I would expect any serious
arguments to completely exclude patching.

Regards,
Chris.






On Tue, Jan 18, 2011 at 9:05 PM, coderman <coderman@xxxxxxxxx> wrote:

On Tue, Jan 18, 2011 at 11:43 AM, phocean <0x90@xxxxxxxxxxx> wrote:

... how is this new ? It has been the best
practice of good system/security administrators for years.

And it doesn't look like a "no patching" policy yet...

sure, .. though you've made me sad considering how few organizations
do "best practice, good system/security administration".

not new, still difficult? (~_~;)


that leaves consensus:
"no patching" elusive, yet to be observed in real-world. (e.g.
yeti or bigfeets)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

---

• Follow-Ups:
  • Re: [Full-disclosure] Getting Off the Patch
    • From: Christian Sciberras

• References:
  • [Full-disclosure] Getting Off the Patch
    • From: Pete Herzog
  • Re: [Full-disclosure] Getting Off the Patch
    • From: Zach C
  • Re: [Full-disclosure] Getting Off the Patch
    • From: Pete Herzog
  • Re: [Full-disclosure] Getting Off the Patch
    • From: phocean
  • Re: [Full-disclosure] Getting Off the Patch
    • From: Valdis . Kletnieks
  • Re: [Full-disclosure] Getting Off the Patch
    • From: Thor (Hammer of God)
  • Re: [Full-disclosure] Getting Off the Patch
    • From: Pete Herzog
  • Re: [Full-disclosure] Getting Off the Patch
    • From: Thor (Hammer of God)
  • Re: [Full-disclosure] Getting Off the Patch
    • From: Zach C
  • Re: [Full-disclosure] Getting Off the Patch
    • From: Thor (Hammer of God)
  • Re: [Full-disclosure] Getting Off the Patch
    • From: Pete Herzog
  • Re: [Full-disclosure] Getting Off the Patch
    • From: Thor (Hammer of God)
  • Re: [Full-disclosure] Getting Off the Patch
    • From: Pete Herzog
  • Re: [Full-disclosure] Getting Off the Patch
    • From: Thor (Hammer of God)
  • Re: [Full-disclosure] Getting Off the Patch
    • From: Cal Leeming [Simplicity Media Ltd]
  • Re: [Full-disclosure] Getting Off the Patch
    • From: Cal Leeming [Simplicity Media Ltd]
  • Re: [Full-disclosure] Getting Off the Patch
    • From: Valdis . Kletnieks
  • Re: [Full-disclosure] Getting Off the Patch
    • From: Thor (Hammer of God)
  • Re: [Full-disclosure] Getting Off the Patch
    • From: coderman
  • Re: [Full-disclosure] Getting Off the Patch
    • From: phocean
  • Re: [Full-disclosure] Getting Off the Patch
    • From: coderman
  • Re: [Full-disclosure] Getting Off the Patch
    • From: Christian Sciberras

• Prev by Date: Re: [Full-disclosure] Path to IT Security
• Next by Date: Re: [Full-disclosure] I find a bug
• Previous by thread: Re: [Full-disclosure] Getting Off the Patch
• Next by thread: Re: [Full-disclosure] Getting Off the Patch
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: [Full-disclosure] VPN provider helped track down alleged LulzSec member ... if the vpn provider had not shat themself, then it would be a non story. ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ... (Full-Disclosure) Re: [Full-disclosure] [OT] Obama said: "American people understand that not everybodys been foll ... **Steve Crawshaw, former B&B boss ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ... Full-Disclosure - We believe in it. ... (Full-Disclosure) Re: [Full-disclosure] [OT] Obama said: "American people understand that not everybodys been foll ... **Steve Crawshaw, former B&B boss ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ... Full-Disclosure - We believe in it. ... (Full-Disclosure) Re: [Full-disclosure] Obama Order Sped Up Wave of Cyberattacks Against Iran ... gave it a name: Stuxnet. ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ... (Full-Disclosure) Re: [Full-disclosure] Congratulations Andrew ... Happens those "youth hackers" don't return what they stole. ... Full-Disclosure - We believe in it. ... Charter: ... Hosted and sponsored by Secunia - ... (Full-Disclosure)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > Full-Disclosure  > 2011-01