The issue here isn't the number of updates at all, it's the number of
updates that require a reboot (being that it's the reboot that
triggered the deluge of logins). The number of linux patches that
require a reboot are pretty ridiculously small compared to windows.
Mac OSX is probably somewhere in the middle, but that's just a guess.
--
Jordan Wiens, CISSP
UF Network Security Engineer
(352)392-2061
On Aug 20, 2007, at 12:07 PM, Larry Seltzer wrote:
This has nothing to do with the number of updates, but the fact that
everyone was applying them at roughly the same time. They could have 1
update a month on their regular schedule and the effect, from Skype's
standpoint, would be the same.
And some would dispute your claims about the number of updates
(http://blogs.technet.com/security/archive/2007/08/16/july-2007-
operatin
g-system-vulnerability-scorecard.aspx ), at least as compared to the
competition. Do MacOS and RedHat have too many updates too?
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.eweek.com/cheap_hack/
Contributing Editor, PC Magazine
[EMAIL PROTECTED]
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of [EMAIL PROTECTED]
Sent: Monday, August 20, 2007 11:17 AM
To: [email protected]
Subject: RE: [funsec] Did Windows Update take out the Skype network?
Here's the official Skype blog entry on the meltdown:
http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html
In my book, there are way too many security patches for Windows. The
Skype meltdown is an example of collateral damage.
Another problem that I've seen with Microsoft Update since the
beginning
of this summer is that a collection of Office 2003 patches fail to
install and everytime I reboot my computer Microsoft Update
attempts the
install again and fails again. I'm never notified of these
failures and
I'm not sure how to fix the problem in order to secure my system.
Richard
I hope they don't have the gall actually to blame Microsoft for it.
Obviously it's a flaw in their network, and shows a hole in their own
testing.
Perhaps it's also an indication that more Windows users are updating
more quickly.
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.eweek.com/cheap_hack/
Contributing Editor, PC Magazine
[EMAIL PROTECTED]
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:funsec-
[EMAIL PROTECTED]
On Behalf Of [EMAIL PROTECTED]
Sent: Monday, August 20, 2007 10:26 AM
To: [email protected]
Subject: [funsec] Did Windows Update take out the Skype network?
http://blog.wired.com/monkeybites/2007/08/windows-update-.html
Skype is finally back online after a massive two-day outage which
began on Thursday, August 16th and rendered the VoIP service useless
for an estimated 220 million users. As we reported on Friday, Skype
has denied charges that the outage was the result of an attack, but
the company delayed an official explanation until today.
According to Skype the outage was caused by a massive number of users
restarting their machines, which flooded the Skype network with login
requests. Skype blames the restarts on Windows Update, presumably
large numbers of users rebooting after installing this month's "Patch
Tuesday"
Windows patches.
...
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
