[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Operating Systems Security, "Microsoft Security, baby steps"

To: "Schmehl, Paul L" <pauls@xxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] Operating Systems Security, "Microsoft Security, baby steps"
From: Ben Laurie <ben@xxxxxxxxxxxxx>
Date: Mon, 22 Mar 2004 17:04:43 +0000

Schmehl, Paul L wrote:

-----Original Message----- From: full-disclosure-admin@xxxxxxxxxxxxxxxx [mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of Todd Burroughs Sent: Thursday, March 18, 2004 2:17 AM To: full-disclosure@xxxxxxxxxxxxxxxx Subject: [Full-Disclosure] Operating Systems Security, "Microsoft Security, baby steps"

Updating any OS is a pain in the ass, but all of them have flaws and need to be updated. I find that at least with the UNIX-like ones, you can go on the Net and do your updates faster than you get rooted.
This is foolish thinking.  Do you really think that, when a patch comes
out, *then* the hackers start working on exploits?  The exploits were
being used *long* before the patch comes out.  The only thing a patch
gets you is protection against *future* hack attempts against *that*
weakness.

This is demonstrably not true - it depends who finds the problem.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- [Full-Disclosure] When do exploits get used?
  - From: Paul Schmehl

References:
- RE: [Full-Disclosure] Operating Systems Security, "Microsoft Security, baby steps"
  - From: Schmehl, Paul L

Prev by Date: [Full-Disclosure] AIX 4.3.3 has make sgid 0?
Next by Date: [Full-Disclosure] commerical rainbow crack?
Previous by thread: Re: [Full-Disclosure] Operating Systems Security, "Microsoft Security, baby steps"
Next by thread: [Full-Disclosure] When do exploits get used?
Index(es):
- Date
- Thread