
Thread: Does posting vulnerabilities really help

  1. #11
    Senior Member
    Join Date
    Aug 2001
    Posts
    485
    It is certainly true that admin people should apply patches as soon as they are available, but in some cases this is too late!
    You get quite a few who don't even bother to do that.
    I was interested in MsMittens' post about MS not publishing info on security loopholes (nothing to do with Windows XP, surely?). IBM tried this approach a few years ago (on their mainframe systems), but changed their policy when their users (mainly large companies) complained.

  2. #12
    Junior Member
    Join Date
    Aug 2001
    Posts
    28
    I strongly support the publishing of vulnerabilities as long as proper protocol is observed. Although true that it may be used in a malicious manner after publishing, chances are it already is being used. Case in point - the debate over the "Code Red" virus and the IIS vulnerability. The vulnerability was uncovered, not discovered by eEye Digital Security and was so stated in their advisory. The advisory was published after the software manufacturer had made public a patch. Thus stressing the importance of admins to keep up to date on security patches (yes, I know, easier said than done - we all are running a heavy work load). It's a catch-22... publish it, and have it used maliciously (which it probably already is or will be) or keeping it quiet and depending on the software manufacturers to 1. make a patch 2. make the patch available in a timely manner. I think making the problem public expedites the availability of a patch... stimulates discussion and further analysis about the problem, thus hearing different viewpoints... and hopefully stresses the importance of good sound security practices, which cannot be ignored any longer - none of us has that luxury any longer. The threats are out there, always have been and probably always will be... keeping them under wraps and "hush, hush" will not make them go away.
    "He who fights with monsters should look to it that he, himself, does not become a monster... when you gaze long into the abyss, the abyss also gazes into you"

    Friedrich Nietzsche

  3. #13
    MrLinus
    Just a Virtualized Geek
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324


    Originally posted by ronin13
    Thus stressing the importance of admins to keep up to date on security patches (yes, I know, easier said than done - we all are running a heavy work load). It's a catch-22...
    To some degree, yes it is a catch-22. To others it's plain ignorance. One of the games I play online uses a Win2K machine with SQL 7/2000 (not sure which) and ISA. Almost two months after Code Red was discovered and being yapped wildly in the news they were just "discovering" this new "virus". I was shocked.

    I suppose I find it hard to understand how admins can be online, running things online and not know about what goes on. My time as admin was busy and I would spend every morning while having breakfast reading through latest happenings. Most of the time it was simply skimming headlines to see what looked interesting and what might be of concern.

    But that's just MHO.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head

  4. #14
    Junior Member
    Join Date
    Aug 2001
    Posts
    28
    I totally agree with you, MsMittens. You, I, and many others take the time to try and stay informed... as you've stated, but unfortunately there are many others who don't, as was proved with the whole Code Red mess. I'm certainly not defending them, I'm as aghast as you that this situation exists. This is a subject that no net admin should be remiss in and until all take a more serious interest, these kinds of things will continue to happen... irregardless of full disclosure or not.
    "He who fights with monsters should look to it that he, himself, does not become a monster... when you gaze long into the abyss, the abyss also gazes into you"

    Friedrich Nietzsche

  5. #15
    it's kind of funny this question even got asked... (no offense intended freeOn) just look at the motto underneath Antionline.com at the top of the page...

    what is unfortunate is that not everybody sees the vulnerabilities as soon as they're discovered so they could take immediate countermeasures to negate the window of opportunity that exists to the h/cr/ackers that are usually just discovering the postings themselves and go off on their merry way to try and exploit it. the vast majority of these people aren't good enough to find exploits themselves and are living off the ones that are.
    I'd rather have a bottle in front of me than a frontal lobotomy.....

    Cyanide cocktail anyone? (with a pineapple twist, of course..)
