Full Disclosure mailing list archives
RE: Gates: 'You don't need perfect code' for good security
From: Cedric Blancher <blancher () cartel-securite fr>
Date: Sat, 01 Nov 2003 11:00:40 +0100
Le sam 01/11/2003 à 00:50, Beaty, Bryan a écrit :
I believe every worm listed below could have been prevented had everyone patched their systems.
I would say it is even worse than that. If CodeRed and Nimda rely on vulnerabilities on open services (i.e. HTTP), Slammer and Blaster rely on vulnerabilities on services that _should_ not be accessible to the Internet. This means to me Slammer and Blaster worms could have been prevented had everyone implemented a decent filtering scheme on its routers/firewalls... Especially regarding Slammer, for SQL Server is most a professional application. Blaster, as it also targets everyone, including thoses who are not skilled/informed enough to take good prevention mesures. Nevertheless, Blaster is blocked by any personnal firewall... -- http://www.netexit.com/~sid/ PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
Hi! I'm your friendly neighbourhood signature virus. Copy me to your signature file and help me spread!
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Gates: 'You don't need perfect code' for good security |reduced|minus|none| (Oct 31)
- <Possible follow-ups>
- RE: Gates: 'You don't need perfect code' for good security Beaty, Bryan (Oct 31)
- RE: Gates: 'You don't need perfect code' for good security james (Oct 31)
- RE: [spam] RE: Gates: 'You don't need perfect code' for good security Exibar (Nov 01)
- udp port 2615 Trond Kringstad (Nov 01)
- RE: Gates: 'You don't need perfect code' for good security Cedric Blancher (Nov 01)
- Re: Gates: 'You don't need perfect code' for good security William Warren (Nov 02)
- Re: Gates: 'You don't need perfect code' for good security Matthew Murphy (Nov 02)
- Re: Gates: 'You don't need perfect code' for good security Geoincidents (Nov 02)
- Re: Gates: 'You don't need perfect code' for good security Matthew Murphy (Nov 02)
- Re: Gates: 'You don't need perfect code' for good security Geoincidents (Nov 02)
- Re: Gates: 'You don't need perfect code' for good security George Capehart (Nov 03)
- Re: Gates: 'You don't need perfect code' for good security Geoincidents (Nov 03)
- Re: Gates: 'You don't need perfect code' for good security George Capehart (Nov 03)
- Re: Gates: 'You don't need perfect code' for good security Geoincidents (Nov 04)
- Re: Gates: 'You don't need perfect code' for good security Valdis . Kletnieks (Nov 04)