On Tue, 28 Jan 2003 09:33:15 -0500 gabriel <[EMAIL PROTECTED]> wrote:
> On January 28, 2003 07:42 am, Robert P. J. Day wrote:
> >   1) MS software is notoriously insecure and is largely
> >      responsible for the insecurity of the current IT
> >      infrastructure, or
> >
> now i'm not a fan of micros~1, but i feel that i have to check this
> statement for accuracy.  in cases like "the sql slammer" the one at
> fault is definitely not the author of the software, but rather the
> halfwit who's running it unpatched.  as i understand it, micros~1 had
> released a patch for mssql months ago, and this virus is only
> attacking the boxes that have yet to be patched.
>
> just think about what the internet would be like if there were
> millions of linux users running 3-year-old versions of apache &
> mysql...  i would propose that it's not just microsoft's inability (or
> unwillingness) to get their sh*t together, but also the ineptitude of
> these "sysadmins" that insist on running this software and don't know
> (or don't care to know) how to patch it...

1) The original patching was a convoluted mess, requiring moving files, editing the registry manually, and a whole warehouse full of other things. Several of those items would have rendered a system unbootable (this _IS_ MICROS~1, so rebooting is inevitable) with a small mistake. Sorry, I don't have a link because I didn't think to save it. But it was an AP story, I believe. A better patch, one that took an approach that left a lot less to chance, was just released a few days ago. Right as this thing was taking off good. While this story isn't about that, it makes reference to the re-release, _AFTER_ things were already running amok:

http://www.techtv.com/news/security/story/0,24195,3415704,00.html

2) The saps that couldn't code it right were also the clowns that couldn't even use their own patches. Poor admin work? Not keeping up with the patching that's available? Pot, meet kettle?

http://news.com.com/2100-1001-982305.html
http://www.cnn.com/2003/TECH/biztech/01/28/microsoft.worm.ap/index.html

3) In an article (which I didn't read myself, so I can't guarantee it even exists), CNN supposedly outlined cases where systems were patched and showed it, they took a hit, they were cleaned, and they still showed being patched. This was supposedly with the new one. Is it true? It has the ring of truth that often accompanies such failures on the part of Micro-Soft. But I have no idea if it is real or fabrication. (For that matter, being from CNN means it could be fabricated even if they actually wrote such an article.)

Perhaps there are times when the one that should take the brunt of the blame is the obvious party.

--
/etc/passwd is full -- go away!