RE: exploit to vulnerability

From: Murad Talukdar (talukdar_m_at_subway.com)
Date: 08/31/05

    Date: Wed, 31 Aug 2005 10:08:35 +1000
    To: 'Steve Manzuik' <smanzuik@eeye.com>
    
    

    You're right Steve when you say:
    > But would you not have these boxes that require patching (new builds or
    > whatever) in a secured environment?

    But can I guarantee that everything that needs to be filtered
    is--especially for a new exploit? I obsess about becoming
    complacent--paranoia has become my middle name.

    I don't know how likely it would be for something new to jump onto a port
    that we have to have open for whatever reason and get in but as I am a one
    man show (from writing/enforcing policy to troubleshooting hardware to
    purchasing etc. etc.) when it comes to IT in the office, then it means that
    time is always my biggest battle here.
    Automation is great but even then, things need monitoring.

    I guess my 'what if' was in the realms of unlikely but still...
    I take your points about testing though and it makes me think that
    convincing the 'powers that be' of having test machines/policies pays in the
    long run. Reality is though, that it most likely won't appeal as a priority.

    -----Original Message-----
    From: Steve Manzuik [mailto:smanzuik@eeye.com]
    Sent: Wednesday, August 31, 2005 8:53 AM
    To: Murad Talukdar
    Subject: RE: exploit to vulnerability

    -----Original Message-----
    From: Murad Talukdar [mailto:talukdar_m@subway.com]
    Sent: Sunday, August 21, 2005 9:00 PM
    To: 'Murad Talukdar'; focus-ms@securityfocus.com
    Subject: RE: exploit to vulnerability

    <snip>

    I guess the window, on average, is bigger than I thought, however, the
    top end of the exploit bell curve may well mean 0-day (or close enough)
    for a few. And as we all know, that one which gets in could be the one
    that does enough damage. So I would certainly like to use that scale in
    my 'lead time' rather than say, 'What me worry? I've got (on average)
    four weeks.'

    ---------------------------------------------------

    But would you not have these boxes that require patching (new builds or
    whatever) in a secured environment? Sure, take an unpatched box and put
    it on an unprotected network with zero filtering in place and it will be
    ultimately owned and owned quickly but in your specific case, I doubt
    this is what is done.

    Signed,
    Steve Manzuik
    eEye Digital Security
    T.949-900-4118
    C.949-874-4397

    http://eEye.com/Blink - End-Point Vulnerability Prevention
    http://eEye.com/Retina - Network Security Scanner
    http://eEye.com/Iris - Network Traffic Analyzer
    http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities


    I read my email with Outlook
    I read your email with Iris
