Penetration Testing mailing list archives
RE: Vulnebrability level definition
From: Shawn Bernard <shawn.bernard () NetworksUnlimited com>
Date: Thu, 13 Feb 2003 10:29:39 -0500
Comments with some snipping for brevity... -----Original Message----- From: Damir Rajnovic [mailto:gaus () cisco com] Sent: Thursday, February 13, 2003 5:44 AM To: pen-test () securityfocus com; security-basics () securityfocus com Subject: RE: Vulnebrability level definition <----SNIP---->
You are assuming that IIS is the one running a publicly accessible server.
If IIS is used in some remote office deep
within you organization then it is less exposed. Thus, one may not rush to
patch this vulnerability but wait some time. Then one would be naively assuming that the only threat to their network is from the "public". Even if you do not have a "malicious" internal user, a poorly secured laptop that gets plugged into a home brodband connection, infected with the 'worm of the week' and then plugged into the internal network could wreak havoc on all of the machines you have decided to wait some time on patching. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Re: Vulnebrability level definition, (continued)
- Re: Vulnebrability level definition R. DuFresne (Feb 11)
- Re: Vulnebrability level definition Per Niila Albinsson (Feb 11)
- Re: Vulnebrability level definition Damir Rajnovic (Feb 12)
- RE: Vulnebrability level definition Rob Shein (Feb 12)
- RE: Vulnebrability level definition Damir Rajnovic (Feb 13)
- RE: Vulnebrability level definition Rob Shein (Feb 14)
- Re: Vulnebrability level definition Damir Rajnovic (Feb 12)
- Re: Vulnebrability level definition raymond (Feb 14)