On Fri, 2003-10-31 at 16:50, Beaty, Bryan wrote:
> Correct me if I am wrong but...

I'll be glad to.

>
> I believe every worm listed below could have been prevented had everyone
> patched their systems.
> I would like the security community to take more responsibility for
> their own (in)actions. If you were hit by Blaster then you failed to
> enforce a good patch management policy. Whose fault is that? Patch
> management is boring and so we often ignore it. Hackers and worms simply
> take advantage of our laziness. I guess Blaster could be a form of
> social engineering. "I know admins don't patch so I can write a worm and
> kill the world."

Since you directed this to the "security community" it seems you are
speaking to IT folk and not end users. I **cannot** apply MS patches
till they go through quite a bit of testing. I have been bitten with
production boxes that are rendered unusable after a round of MS patches.
We are a BSD/Linux shop with just a few MS boxes but it still takes a
lot of time to make sure the patch(es) will work with various
configurations and applications. I **shudder** to think what orgs that
are all MS have to do to deploy patches. Whose fault is that?
