>With regards patching systems: have you ever worked in a *real* operations post? Have >you ever had developers of your main product say to you "no you can't upgrade to SP6a >as it's break the main engine". No matter how much you beg and plead to get this >fixed they don't have the resources. What you gonna say? "Fuck you then I'm >unplugging the Live servers"?
If you are working with developers who refuse to patch software for security reasons, then you arnt working in a *real* operations post. You are working at a post where you would like to think you are working operations so yes, you proberly could get away with unplugging servers. >That maybe ok for you with your funky little OpenBSD box at home running nothing that >your toolz and acting as a router for your little sister to AIM through, but here in >the real world we have to deal with testing cycles, buggy code, patches that don't >behave as advertised, uptime clauses in contracts, being forced to run damn Windows >because that's what the Management want and having to support some shitty but crucial >piece of code written in VB. Then you arn't payed to do security. Get your contract updated and go back to calling yourself helpdesk. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
