Re: Patching isn't enough
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa_at_pacbell.net)
Date: 07/01/04
- Next message: Ed Walters [MSFT]: "RE: Boot problem 0xB8 related to Exchange"
- Previous message: Ed Walters [MSFT]: "RE: 0x41 MUST_SUCCEED_POOL_EMPTY"
- In reply to: root: "Re: Patching isn't enough"
- Next in thread: Chad A. Gross [SBS MVP]: "Re: Patching isn't enough"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 30 Jun 2004 19:01:26 -0700
Root? Go into the Security newsgroup where on a daily basis they are
telling people how to unhijack their home page. Now tell me there's
nothing to fear. Go run awaware and spybot on any home computer and you
tell me there's not an issue going on today.
Gimme a break Root. If this wasn't an issue why do we need adaware and
spybot programs?
Secunia - Products - Microsoft Internet Explorer 6:
http://secunia.com/product/11/
97% of issues are REMOTE based.
Secunia - Products - Microsoft Internet Explorer 6:
http://secunia.com/product/11/
On June 20th websites began to see infections
SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And
Alert System - Current Infosec News and Analysis:
http://www.incidents.org/diary.php?date=2004-06-24&isc=4eb70bdc94fe31f51ae17ec66d6b26bc
It was not detected and blocked before it passed go.
Andrew -- there's an IE reg fixer on this site
eEye Digital Security - Vulnerability Management Solutions:
http://www.eeye.com/html/research/alerts/AL20040610.html
root wrote:
> Now with all this chicken little and hair tearing stuff, no one has
> specified with all this massive terror attack the world suffered in the last
> week whether there was any actual damage/penertrations beyond just a few
> machines. Was it all bark and NO BITE? I heard it was detected and blocked
> before it passed go! There's nothing to fear except fear itself!
>
> "Andrew M. Saucci, Jr." <spam-only@2000computer.com> wrote in message
> news:%23xB53ZwXEHA.2408@tk2msftngp13.phx.gbl...
>
>>>From message I posted here October 11, 2003:
>>
>> "I guess what I've been trying to explain is that I just don't
>>have faith that being fully patched and updated is going to protect me
>>adequately from here on out. I just don't have that sense of security,
>
> even
>
>>now that I have MS03-039 on almost all of my servers. I still wonder what
>>else remains broken in that massive glob of code we call Windows and
>>Exchange and IIS and SQL and ISA and the rest of it. I feel that I need to
>>be ready for anything, not just what we've already seen."
>>
>>>From message I posted here the following day:
>>
>> "What worries me is that sooner or later the exploit is going to
>>come before the patch. That is when we will need to be able to act
>>instantly."
>>
>>Business Week Online, June 29, 2004, commentary by Stephen H. Wildstrom:
>>
>> "In late June, network security experts saw one of their worst
>>fears realized. Attackers exploited a pair of known but unpatched flaws in
>>Microsoft's Web server software and Internet Explorer browser to
>
> compromise
>
>>seemingly safe Web sites. People who browsed there on Windows computers
>
> got
>
>>infected with malicious code without downloading anything..."
>>
>> Note the key words: "known but unpatched." Next comes "unknown
>
> and
>
>>unpatched." It all goes downhill from here.
>>
>> What's my point? I don't know myself now, except that my clients
>>aren't going to settle for "I had you all patched and updated" as an
>
> excuse
>
>>when their networks go down. Is patching essential? Sure is. Is it enough?
>>Not by a longshot.
>>
>>
>>
>>
>>
>
>
>
-- http://www.sbslinks.com/really.htm
- Next message: Ed Walters [MSFT]: "RE: Boot problem 0xB8 related to Exchange"
- Previous message: Ed Walters [MSFT]: "RE: 0x41 MUST_SUCCEED_POOL_EMPTY"
- In reply to: root: "Re: Patching isn't enough"
- Next in thread: Chad A. Gross [SBS MVP]: "Re: Patching isn't enough"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
|
