> -----Original Message----- > From: Montana Tenor [mailto:[EMAIL PROTECTED] > Sent: Tuesday, October 21, 2003 3:05 PM > To: Schmehl, Paul L > Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: RE: [Full-Disclosure] No Subject (re: openssh exploit code?) > > I agree with Mitch. Lets say you get an advisory that > a severe thunderstorm may be coming your way. Do you > wait until the wind and rain are blowing inside your > house to close the windows and doors. Do you allow > the kids to keep playing outside? You do the prudent > thing. Instead of trying to brute-force Mitch into > this, think about why doing the right thing to protect > the long term interests of your business is the RIGHT > thing to do.
I flip to the local radar and get some sort of proof that there might be a thunderstorm coming. Talk is cheap (as was said), so its up to the admin to verify if A) there is a real threat B) the threat applies to your systems C) the threat damage is worth the damage of 'unscheduled downtime' (for the analogy challenged: radar = some sort of proof of concept or something of the likes) Of course, I'm just a silly win2k Admin on a 50 pc network which don't run more than a couple uptime sensitive apps, but I think I have the basics down as far as some of this stuff goes. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
