Full Disclosure mailing list archives
Re: Web sites compromised by IIS attack
From: "Willem Koenings" <isec () europe com>
Date: Fri, 02 Jul 2004 18:55:04 -0500
Like I said, Do you REALLY want a vendor to install patches for you?Absolutely. Have them send a technician ON SITE. Have them STAY and fix the product until it is working. (Free of charge mind you... just like the free repair of a recalled water pump for your car). If applied patches crash the system further, it is the responsibility of that technician (representing the vendor) to get it back in working order.
frank, this is not a kindergarden list. this not a housewife support list. this is a security list, this a full disclousure list. period. any adequate member of this list should and must apply security fixes and patches by himself/herself, after testing. if there is no patches released meanwhile, he/she should be reasonable adequate to take measures to mitigate attack vectors until fixes is released. allowing third party technician to access your system and installing unverified paches is a serious security issue. willem -- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Web sites compromised by IIS attack, (continued)
- Re: Web sites compromised by IIS attack Ron DuFresne (Jul 02)
- Re: Web sites compromised by IIS attack Maarten (Jul 03)
- Re: Web sites compromised by IIS attack Valdis . Kletnieks (Jul 02)
- Re: Web sites compromised by IIS attack Nick FitzGerald (Jul 02)
- Re: Web sites compromised by IIS attack Frank Knobbe (Jun 30)
- Re: Web sites compromised by IIS attack Denis Dimick (Jul 01)
- Re: Web sites compromised by IIS attack Frank Knobbe (Jul 01)
- RE: Web sites compromised by IIS attack joe (Jul 01)
- Re: Web sites compromised by IIS attack Denis Dimick (Jul 01)
- RE: Web sites compromised by IIS attack joe (Jul 03)
- Re: Web sites compromised by IIS attack Ron DuFresne (Jul 03)
- Re: Web sites compromised by IIS attack Jason Coombs (Jul 04)
- Re: Web sites compromised by IIS attack Valdis . Kletnieks (Jul 08)