
Re: It's not that simple... [Was: Re: [Full-disclosure] Disney Down?]



Fergie (Paul Ferguson) wrote:
I'll tell you why -- [snip]

So there you have it -- there's still a LOT of Windows 2000 out there...

Having said that, you also have to realize that from the time the MS05-039 vulnerability was disclosed (and the exploit code was released the same day), to the time that very large enterprises had to deploy it was very, very short compared to threats of the past.

When reading Seltzer's article, it's easy enough to see the gaping hole in his logic. He basically argued that XP and 2003 were not going to be affected (he appears to be changing his mind on this), and that corporations that used 2000 all used firewalls. Unfortunately, he failed to see the effect an infected laptop would have, of bringing an infected machine inside the perimeter.

-- Micheal Espinola Jr <michealespinola@xxxxxxxxx> wrote:

You [Seltzer] also say, "If it had been International Paper or some
company like that rather than media outlets I suspect it wouldn't be
getting all this attention". While this is likely true, this
exemplifies the need to take security matters more seriously.

I question this a little. First, I haven't heard anything about
International Paper, but have heard about SBC, UPS and quite a few others. I also suspect many more companies were severely impacted, but won't step forward to admit it. The news agencies, to their credit, DID admit it and reported it.


...I'm not trying to badger you, but in light of the Disney, CNN, ABC, and The New York Times mishaps (amongst others), I must admit that I'm glad I don't follow your column or style of advice.

No kidding. Nor do I like Seltzer's lack of candor after being caught so far off base. It's a very human reaction, but one which damages his credibility and sullies the reputation of eWeek.

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/