I thought Rolexes were waterproof.... John W. Cook Systems Administrator Partnership for Strong Families
________________________________ From: Michael B. Smith <mich...@smithcons.com> To: NT System Admin Issues <ntsysadmin@lyris.sunbelt-software.com> Sent: Fri Aug 20 10:42:54 2010 Subject: RE: 200 + Windows applications trivial to exploit bugs Why is a watch in his pocket to start with? Anyway… Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: James Rankin [mailto:kz2...@googlemail.com] Sent: Friday, August 20, 2010 9:58 AM To: NT System Admin Issues Subject: Re: 200 + Windows applications trivial to exploit bugs It's the old adage where a guy leaves his expensive Rolex in his trouser pocket, and his wife picks the trousers up, doesn't check the pockets, and ruins his Rolex in the washing machine. They both blame each other for the damage and subsequent loss. How can you mitigate against it happening again? Well, the only way is to make sure that he checks his pockets before putting the trousers in the washing pile, and she checks the pockets before putting the garment in the washing machine. It might be a wasteful duplication of effort, but it's the only way to be sure the fiscal loss doesn't happen again. It's a good way of getting execs to see that email filters, desktop antivirus, software restriction policies and the like are all necessary, and are not all just doing the same thing. On 20 August 2010 14:51, Kim Longenbaugh <k...@colonialsavings.com<mailto:k...@colonialsavings.com>> wrote: I guessed I’ve missed the “Rolex…� thing, and google turns up, well, googles of hits. Want to enlighten me? From: James Rankin [mailto:kz2...@googlemail.com<mailto:kz2...@googlemail.com>] Sent: Friday, August 20, 2010 8:41 AM To: NT System Admin Issues Subject: Re: 200 + Windows applications trivial to exploit bugs Hehe...no, but the constant questioning from my superiors about the business need to have a multi-layered defense always winds me up. I like to have something to bite back with as much as possible. The old "Rolex in the washing machine" analogy still shuts them up though. On 20 August 2010 14:27, Andrew S. Baker <asbz...@gmail.com<mailto:asbz...@gmail.com>> wrote: It took you this long to feel vindicated? :) ASB (My XeeSM Profile)<http://XeeSM.com/AndrewBaker> Exploiting Technology for Business Advantage... Signature powered by WiseStamp<http://www.wisestamp.com/email-install> On Fri, Aug 20, 2010 at 9:19 AM, James Rankin <kz2...@googlemail.com<mailto:kz2...@googlemail.com>> wrote: It's times like this that I finally feel vindicated in pushing hard for a defense-in-depth strategy On 20 August 2010 14:14, Andrew S. Baker <asbz...@gmail.com<mailto:asbz...@gmail.com>> wrote: Can't wait to see the wide ranging list of apps. You know, unless all the vendors patch at the very same time, or unless Microsoft (or someone else) provides an extra mitigation at the OS level, as soon a few of these are patched, the malware writers will figure out how to exploit it for at least some of the applications, and it's going to be one batch of chaos. ASB (My XeeSM Profile)<http://XeeSM.com/AndrewBaker> Exploiting Technology for Business Advantage... Signature powered by WiseStamp<http://www.wisestamp.com/email-install> On Fri, Aug 20, 2010 at 8:29 AM, Ziots, Edward <ezi...@lifespan.org<mailto:ezi...@lifespan.org>> wrote: http://www.theregister.co.uk/2010/08/20/windows_code_execution_vuln/ HD Moore: Critical bug in 40 different Windows apps | ZDNet: http://www.zdnet.com/blog/security/hd-moore-critical-bug-in-40-different-windows-apps/7188?tag=nl.e589 SecurityFocus: http://www.securityfocus.com/archive/1/513190 Let the patching pain begin… looks like its going to be a seriously bumpy ride for the next few months as these are vetted, and patches produced. Z Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:ezi...@lifespan.org<mailto:email%3aezi...@lifespan.org> Cell:401-639-3505 -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." ________________________________ CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to. This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
