Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Getting Off the Patch
From: Christian Sciberras <uuf6429 () gmail com>
Date: Wed, 19 Jan 2011 10:16:47 +0100

Ah, but that is YOUR argument. They don't seem to agree with it.

Heck if they did, every single word so far would have been completely
unnecessary, since layering security is what we've done ever since the first
knife was invented!







On Wed, Jan 19, 2011 at 10:13 AM, Cal Leeming [Simplicity Media Ltd] <
cal.leeming () simplicitymedialtd co uk> wrote:

Christian,

There is no 'direct alternative' as we have already established that there
is no "be all and end all" for security, it's when you layer these factors
on top of each other that it becomes more effective.

On Tue, Jan 18, 2011 at 11:45 PM, Christian Sciberras <uuf6429 () gmail com>wrote:

I'm getting a bit annoyed reading over and over arguments which I've
highlighted some time ago anyway (
http://www.mail-archive.com/full-disclosure () lists grok org uk/msg44454.html
).

The real question, what is the *direct* alternative to patching?

Don't say "sandboxing" because it doesn't always work.
And don't tell me about only installing the system critical issues only -
that's called "update by priority".
Also, please remember that we are talking against patching, not discussing
where patching works(/ is better) or not so I would expect any serious
arguments to completely exclude patching.

Regards,
Chris.






On Tue, Jan 18, 2011 at 9:05 PM, coderman <coderman () gmail com> wrote:

On Tue, Jan 18, 2011 at 11:43 AM, phocean <0x90 () phocean net> wrote:
... how is this new ? It has been the best
practice of good system/security administrators for years.

And it doesn't look like a "no patching" policy yet...


sure, .. though you've made me sad considering how few organizations
do "best practice, good system/security administration".

not new, still difficult?   (~_~;)


 that leaves consensus:
   "no patching" elusive, yet to be observed in real-world. (e.g.
yeti or bigfeets)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]