[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] Learn from history?
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: RE: [Full-Disclosure] Learn from history?
- From: <full-disclosure@xxxxxxxxxxxx>
- Date: Wed, 5 May 2004 12:27:25 -0700
>> 1. Keep informed.
>Sure. I'll inform all my 300 customers MS release a bug today,
>and I'll drop by to all of them to patch tomorrow.
"You" is implied in that statement.
>> 2. Install patches as soon as possible
>That would involve runnning Windows Automated Update every night
>automagically...
1. Microsoft already provides that feature
2. As soon as possible for "you"
>> 2. If a patch cannot be installed, find workarounds
>That does not work with the workarounds customer need to facilitate
>life (security <> easy of use, remember)
And the computers/networks will be so easy to use when lines are saturated,
file systems are corrupted or data are stolen
>> 3. If it is a port-related threat, find out if such ports are
>> in use, and if not, make sure they are closed.
>Once the virus is on the LAN it can do whatever it wants.
Hello! Block the ports BEFORE they hit the LAN. Proactive security.
Also, do us a favor and don't propogate the shit!
>> Some of the comments overheard this week regarding Sasser:
>I did propose some firewall, but they feel it's too much EUREUREUREUR
And you provided some sort of analysis showing potential losses due to
the lack of a security infrastructure, right?
>> Will they learn from history? Only history will tell.
>I'm pretty sure they won't. Even most tech guys don't have a clue.
Evidently, thanks for your example.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html