[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] When do exploits get used?

To: Jay Beale <jay@xxxxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] When do exploits get used?
From: Luke Scharf <lscharf@xxxxxxxxxx>
Date: Mon, 22 Mar 2004 17:42:44 -0500

On Mon, 2004-03-22 at 17:13, Jay Beale wrote:
> Patching isn't really 90%.  It seems like that because organizations 
> still aren't keeping up with patches and thus don't know what would have 
> happened if they had.  It seems like that because we're not getting 
> caught in the first two parts of our windows of vulnerability that often 
> just yet.  If a worm comes out in time window 1 or 2, your 1-hour patch 
> turnaround won't save you.

My point is that if one forgets the fundamentals, all of the
firewalling, GPO setups, nifty scripts, and other work is useless.

What good is your firewall if you forgot to patch it and it's being
controlled from outside? :-)

-Luke

-- 
Luke Scharf, Systems Administrator
Virginia Tech Aerospace and Ocean Engineering

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re: [Full-Disclosure] Operating Systems Security, "Microsoft Security, baby steps"
  - From: Ben Laurie
- [Full-Disclosure] When do exploits get used?
  - From: Paul Schmehl
- Re: [Full-Disclosure] When do exploits get used?
  - From: Luke Scharf
- Re: [Full-Disclosure] When do exploits get used?
  - From: Jay Beale

Prev by Date: Re: [Full-Disclosure] Telnet Sniff Problems
Next by Date: Re: [Full-Disclosure] winxp home expusure
Previous by thread: Re: [Full-Disclosure] When do exploits get used?
Next by thread: Re: [Full-Disclosure] When do exploits get used?
Index(es):
- Date
- Thread