Full Disclosure mailing list archives
RE: Learn from history?
From: "Ferris, Robin" <R.Ferris () napier ac uk>
Date: Thu, 6 May 2004 10:41:18 +0100
Hi A couple of things here that I wanted to comment on:
1. Microsoft already provides that feature
Sure. Yo have no problem about running it automatically? SMB generally arent worrie about running simething like WIndows Update automatically, other than the fact that it uses bandwidth that they are paying for. So there is a costs benefit analysis that needs to be done there. There is also SUS which a lot of people have started to and are deploying as we speak. I know for a fact that the norm in the UK higher education sector is for SUS to be running.
2. If a patch cannot be installed, find workaroundsThat does not work with the workarounds customer need to facilitate life (security <> easy of use, remember)
Work arounds donmt have a place in any sort of open user environment they take too much time to deploy and impose to many problems on the end user and also need to be undone after the problem is fixed. Way way way to much work there.
3. If it is a port-related threat, find out if such ports are in use, and if not, make sure they are closed.Once the virus is on the LAN it can do whatever it wants.Hello! Block the ports BEFORE they hit the LAN. Proactive security. Also, do us a favor and don't propogate the shit!
What is all this rubbish about. Roughly 15% of all assests attached to a networks around the world are unaccounted for!! So how are you meant to protect yourself against them. Example - firewall blocking all ports, some one comes in with a laptop thats infected and bobs your uncle you left scratching your head wondering why your firewall didnt work. lmao that mi friends is the soft center that the black hat looks for!! Anyway just my 2 cents worth. RF -----Original Message----- From: Serge van Ginderachter (svgn) [mailto:svgn () orbid be] Sent: 06 May 2004 10:12 To: full-disclosure () lists netsys com Subject: RE: [Full-disclosure] Learn from history?
1. Microsoft already provides that feature
Sure. Yo have no problem about running it automatically?
2. As soon as possible for "you"
No. As soon as the customer phones asking you to drop by. Meanin: when it's too late.
2. If a patch cannot be installed, find workaroundsThat does not work with the workarounds customer need to facilitate life (security <> easy of use, remember)
And the computers/networks will be so easy to use when lines are saturated, file systems are corrupted or data are stolen
That's the problem they are prepared to deal with at the moment it comes. They think it's cheaper.
3. If it is a port-related threat, find out if such ports are in use, and if not, make sure they are closed.Once the virus is on the LAN it can do whatever it wants.Hello! Block the ports BEFORE they hit the LAN. Proactive security. Also, do us a favor and don't propogate the shit!
Well of course they are blocked. But there are other means of coming in you know.
Some of the comments overheard this week regarding Sasser:I did propose some firewall, but they feel it's too much EUREUREUREURAnd you provided some sort of analysis showing potential losses due to the lack of a security infrastructure, right?
Well indeed of course not. Customer is not prepared to pay for that kind of analysis.
Will they learn from history? Only history will tell.I'm pretty sure they won't. Even most tech guys don't have a clue.Evidently, thanks for your example.
There's no reason to get personal here. Don't judge me on such a restraint discusion. My only point is, SMB businesses are not prepared to pay for advanced security, which you say I should provide, and to whick I totally agree. Maybe my boss does not have the right business plan and marketing to 'sell' security. Probably. Serge _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Learn from history?, (continued)
- Re: Learn from history? Valdis . Kletnieks (May 05)
- RE: Learn from history? Serge van Ginderachter (svgn) (May 05)
- RE: Learn from history? Alerta Redsegura (May 05)
- RE: Learn from history? full-disclosure (May 05)
- RE: Learn from history? Stuart Fox (DSL AK) (May 05)
- RE: Learn from history? Alerta Redsegura (May 05)
- RE: Learn from history? Stuart Fox (DSL AK) (May 05)
- Re: Learn from history? Ondrej Krajicek (May 06)
- RE: Learn from history? Serge van Ginderachter (svgn) (May 06)
- RE: Learn from history? Alerta Redsegura (May 06)
- RE: Learn from history? Ferris, Robin (May 06)
- RE: Learn from history? Alerta Redsegura (May 06)
- RE: Learn from history? Steve Bremer (May 06)
- RE: Learn from history? Serge van Ginderachter (svgn) (May 06)
- RE: Learn from history? full-disclosure (May 06)
- RE: Learn from history? Serge van Ginderachter (svgn) (May 06)
- RE: Learn from history? Serge van Ginderachter (svgn) (May 06)
- RE: Learn from history? Ng, Kenneth (US) (May 10)
- RE: Learn from history? Alerta Redsegura (May 10)
- RE: Learn from history? Michal Zalewski (May 10)
- RE: Learn from history? Alerta Redsegura (May 10)
- RE: Learn from history? Alerta Redsegura (May 10)