Excellent, thanks
From: James Rankin [mailto:[email protected]] Sent: Friday, August 20, 2010 8:58 AM To: NT System Admin Issues Subject: Re: 200 + Windows applications trivial to exploit bugs It's the old adage where a guy leaves his expensive Rolex in his trouser pocket, and his wife picks the trousers up, doesn't check the pockets, and ruins his Rolex in the washing machine. They both blame each other for the damage and subsequent loss. How can you mitigate against it happening again? Well, the only way is to make sure that he checks his pockets before putting the trousers in the washing pile, and she checks the pockets before putting the garment in the washing machine. It might be a wasteful duplication of effort, but it's the only way to be sure the fiscal loss doesn't happen again. It's a good way of getting execs to see that email filters, desktop antivirus, software restriction policies and the like are all necessary, and are not all just doing the same thing. On 20 August 2010 14:51, Kim Longenbaugh <[email protected]> wrote: I guessed I've missed the "Rolex..." thing, and google turns up, well, googles of hits. Want to enlighten me? From: James Rankin [mailto:[email protected]] Sent: Friday, August 20, 2010 8:41 AM To: NT System Admin Issues Subject: Re: 200 + Windows applications trivial to exploit bugs Hehe...no, but the constant questioning from my superiors about the business need to have a multi-layered defense always winds me up. I like to have something to bite back with as much as possible. The old "Rolex in the washing machine" analogy still shuts them up though. On 20 August 2010 14:27, Andrew S. Baker <[email protected]> wrote: It took you this long to feel vindicated? :) ASB (My XeeSM Profile) <http://XeeSM.com/AndrewBaker> Exploiting Technology for Business Advantage... Signature powered by WiseStamp <http://www.wisestamp.com/email-install> On Fri, Aug 20, 2010 at 9:19 AM, James Rankin <[email protected]> wrote: It's times like this that I finally feel vindicated in pushing hard for a defense-in-depth strategy On 20 August 2010 14:14, Andrew S. Baker <[email protected]> wrote: Can't wait to see the wide ranging list of apps. You know, unless all the vendors patch at the very same time, or unless Microsoft (or someone else) provides an extra mitigation at the OS level, as soon a few of these are patched, the malware writers will figure out how to exploit it for at least some of the applications, and it's going to be one batch of chaos. ASB (My XeeSM Profile) <http://XeeSM.com/AndrewBaker> Exploiting Technology for Business Advantage... Signature powered by WiseStamp <http://www.wisestamp.com/email-install> On Fri, Aug 20, 2010 at 8:29 AM, Ziots, Edward <[email protected]> wrote: http://www.theregister.co.uk/2010/08/20/windows_code_execution_vuln/ HD Moore: Critical bug in 40 different Windows apps | ZDNet: http://www.zdnet.com/blog/security/hd-moore-critical-bug-in-40-different -windows-apps/7188?tag=nl.e589 SecurityFocus: http://www.securityfocus.com/archive/1/513190 Let the patching pain begin... looks like its going to be a seriously bumpy ride for the next few months as these are vetted, and patches produced. Z Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:[email protected] <mailto:email%[email protected]> Cell:401-639-3505 -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
