Full Disclosure mailing list archives
Re: When do exploits get used?
From: Luke Scharf <lscharf () aoe vt edu>
Date: Mon, 22 Mar 2004 17:31:44 -0500
On Mon, 2004-03-22 at 17:13, Jay Beale wrote:
You may find this discussion academic. But the exploit writers and the worm writers are getting faster. And that's what should scare us into moving beyond patches. That's what should get us moving to better network and host configurations. That's what should get us to evaluate patching as, at most, the easy, but most critical, 50%.
I would say that we could all agree that not patching is a recipe for disaster -- and that it's very easy to keep up to date. But, my 90% figure comes from the accidental plugging of unpatched Windows machines into the open network. Every time I do that, the machine is running msblast in a few minutes. And as near as I tell, it's not my machines that are doing it (except for that one unpatched machine that I spend an hour rebuilding)... -Luke -- Luke Scharf, Systems Administrator Virginia Tech Aerospace and Ocean Engineering _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Operating Systems Security, 'Microsoft Security, baby steps', (continued)
- Re: Operating Systems Security, 'Microsoft Security, baby steps' Daniele Muscetta (Mar 18)
- RE: [inbox] Operating Systems Security, "Microsoft Security, baby steps" Curt Purdy (Mar 18)
- RE: Operating Systems Security, "Microsoft Security, baby steps" Schmehl, Paul L (Mar 18)
- RE: Operating Systems Security, "Microsoft Security, baby steps" Todd Burroughs (Mar 18)
- RE: Operating Systems Security, "Microsoft Security, baby steps" Luke Scharf (Mar 19)
- Re: Operating Systems Security, "Microsoft Security, baby steps" Nico Golde (Mar 19)
- Re: Operating Systems Security, "Microsoft Security, baby steps" Ben Laurie (Mar 22)
- When do exploits get used? Paul Schmehl (Mar 22)
- Re: When do exploits get used? Luke Scharf (Mar 22)
- Re: When do exploits get used? Jay Beale (Mar 22)
- Re: When do exploits get used? Luke Scharf (Mar 22)
- RE: When do exploits get used? Bill Royds (Mar 22)
- Message not available
- RE: When do exploits get used? Michael Cecil (Mar 22)
- Re: When do exploits get used? Luke Norman (Mar 24)
- RE: Operating Systems Security, "Microsoft Security, baby steps" Todd Burroughs (Mar 18)
- Re: When do exploits get used? Jay Beale (Mar 23)
- Re: When do exploits get used? Luke Scharf (Mar 22)
- Re: When do exploits get used? Dave Aitel (Mar 22)