> -----Original Message----- > From: Stephen Clowater [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 20, 2003 9:16 AM > To: Schmehl, Paul L; [EMAIL PROTECTED] > Subject: Re: [Full-Disclosure] [Fwd: Edwards AFB shut down by > W32Blaster] (fwd) > > And the people who run unix networks, well, the sysadmins > usally are spolied. > They can leave that solaris box running 34 proccessors in the > corner, and > have any other box talk to it without trouble. So when it > goes down, after > sitting in a corner and not being touched physically for > about 2 years,
Spoiled is right. And I have to beat on them severely to get them to understand that they *too* must patch their boxes. It used to be a bragging point to say "my box has been up for 2398 days without a crash". Now it's just a sign of stupidity. *No* OS can go without patching for more than 30 days anymore. It's simply not safe. I'll grant you, Windows is way worse than all the others, and a much bigger PITA besides, but all of them must be patched, regularly, routinely, frequently, or you will be owned. The problem is that way to many *nix admins still think it's OK to be up for 2398 days without patching. (And yes, I *do* know that many patches merely require a kill -HUP. Not all do. You can't use a new kernel until you reboot, and all you need to do is look at the security notices for new kernels to realize that that alone is a regular occurrence.) Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
