Schmehl, Paul L wrote:
-----Original Message-----
From: Gary Flynn [mailto:[EMAIL PROTECTED] Sent: Friday, September 26, 2003 8:06 AM
To: '[EMAIL PROTECTED]'
Subject: Re: [Full-Disclosure] RE: Probable new MS DCOM RPC worm for Windo ws
I would think a better way of determining if a patch is actually installed on a system is by examining the files on the system rather than to depend upon symptoms (scanners) or installation logs (registry entries).
True, but *I'm* not going to physically touch (or even virtually touch) 2000+ machines looking at file properties. Are you?
No. But I might touch 5-10 that claim to be patched but seem to still be vulnerable. :)
-- Gary Flynn Security Engineer - Technical Services James Madison University
Please R.U.N.S.A.F.E. http://www.jmu.edu/computing/runsafe
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
