Firewall Wizards
mailing list archives
Re: concerning ~el8 / project mayhem
From: Barney Wolff <barney () tp databus com>
Date: Mon, 19 Aug 2002 17:23:26 -0400
Somehow this seems to assume that the only attacks are DoS. Even
the CFO can think of worse possibilities.

I'm really bemused by this whole thread. When a hole is published,
do people really wait for reports of exploits before patching? Sure,
you might not do the patch/upgrade in the middle of prime shift
today, with no prior testing. But somebody had better be evaluating
your tradeoffs among the risks of exploitation, buggy patches, endless
churn of user desktops, and so on.

Unfortunately, it's often not the security industry that finds the
vulnerable code. It's not as though the white-hats could suddenly
all agree that no more holes will be found. What exactly are you
asking for?
On Mon, Aug 19, 2002 at 07:05:46PM +0000, Tina Bird wrote:
> This has become a major credibility issue for the security industry.
> We've spent years of time and energy finding vulnerable code, creating
> patches and workarounds for the problems, and in some if not many cases
> really reducing the chances that a particular network will be compromised.
>
> But put your (well loved) CFO or other high level executive hat on. For
> the vast majority of these individuals, even during a high-impact event
> like Nimda or SirCam or Melissa, >>their own machines and networks<< were
> relatively unimpacted. This is clearly an over-simplification, and
> neglects the vast amounts of time and energy it took to repair the damage
> from those attacks. But Ms. CFO-of-Fortune-500-company was >>mostly<<
> able to read her email and get to the Web sites she cared about during those
> attacks.
--
Barney Wolff
I'm available by contract or FT: http://www.databus.com/bwresume.pdf