
Full Disclosure mailing list archives
Re: Getting Off the Patch
From: "Phil" <phil () jabea net>
Date: Wed, 19 Jan 2011 22:42:31 -0500
It's too easy to update a server OS; that's the reason why everyone just talks about server OS. Like for Cisco gear, the client needs to know that he's insecure and he needs someone on his IT team registered on the Cisco web site to have access to the patch... For the HP gear I updated, you need TFTP or a serial cable with the equipment nearby... heh, that's really complicated to update... (harder than clicking next.. haha)

In Windows, the magic update service automatically flags the admin, so it's stupid-proof. And if you fear installing any patch, then you can even go virtual and snapshot your server beforehand. (Now it's really zombie-proof.)

Lucky that SOX 404 exists for security consultants.

From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Pete Smith
Sent: 19 January 2011 21:06
To: Thor (Hammer of God)
Cc: Cor Rosielle (cor () Outpost24 nl); full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Getting Off the Patch

All,

I agree with most of the stuff that Thor has been saying, and from what I have read this has mostly been centred around patching software on servers. However, most large companies take the "don't patch" or "patch infrequently" stance when it comes to network infrastructure. Cisco, Juniper, 3COM, HP and other large network infrastructure companies by no means have a clean record when it comes to vulnerabilities in their software, yet businesses will often not patch, even in environments that are highly redundant and can be rebooted with little or no impact. Can anyone seriously say that they patch every time Cisco releases a new version of IOS?
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/