[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] When do exploits get used?



On Mon, 2004-03-22 at 17:13, Jay Beale wrote:
> You may find this discussion academic.  But the exploit writers and the 
> worm writers are getting faster.  And that's what should scare us into 
> moving beyond patches.  That's what should get us moving to better 
> network and host configurations.  That's what should get us to evaluate 
> patching as, at most, the easy, but most critical, 50%.

I would say that we could all agree that not patching is a recipe for
disaster -- and that it's very easy to keep up to date. 

But, my 90% figure comes from the accidental plugging of unpatched
Windows machines into the open network.  Every time I do that, the
machine is running msblast in a few minutes.  And as near as I tell,
it's not my machines that are doing it (except for that one unpatched
machine that I spend an hour rebuilding)...

-Luke

-- 
Luke Scharf, Systems Administrator
Virginia Tech Aerospace and Ocean Engineering

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html