Thanks for the links, Derek. Starting from Randall's page at stonehenge.com
it took me only a few links to confirm my previous impression that Randall
was guilty of violating both the letter and the spirit of the law. Now I've
seen primary sources that validate the previous indirect commentary I
I don't think that this is minor at all. There are all sorts of ways to
automate a majority of security updates. I use apt-get with
security.debian.org in a cron job on a nightly basis to make sure that
my system is up to date on a large number of packages. Of course, this
doesn't cover everything
On Fri, Mar 23, 2001 at 08:31:49PM -0500, Derek D. Martin <[EMAIL PROTECTED]> wrote:
> There are lots of reasons for people to not have these things fixed.
> The largest one is ignorance. You can't fix something you don't even
> know is broken.
Minor nit pick, but in some cases you can. I h
I must say that this was extremely well thought out, and excellently
stated. I, for one, do not think that Derek is a doomsdayer. Everything
is a risk, especially in the computer world. That is why every choice
needs to be carefully weighed in terms of risk analysis. However, it's
my belief that i
On Fri, Mar 23, 2001 at 08:31:49PM -0500, Derek D. Martin wrote:
> On Fri, Mar 23, 2001 at 06:31:12PM -0500, Kenneth E. Lussier wrote:
> > Schneier said it best when he said "Anyone who believes that
> > reactionary security measures are sufficient is either ignorant, blind,
> > or management".
On Fri, Mar 23, 2001 at 06:31:12PM -0500, Kenneth E. Lussier wrote:
> OK, I could accept that. Except that it's two months old. I can see
It doesn't matter if a vulnerability is two months old or 6 years old.
Many system administrators either simply don't know anything about
system security (a sa
OK, I could accept that. Except that it's two months old. I can see
being a week, maybe two weeks (at the most) behind in security updates,
but not two months. Besides, keeping up on security issues and taking
appropriate action is part of the job. If a sysadmin isn't doing that,
then they aren't
In a message dated: Fri, 23 Mar 2001 15:44:56 EST
"Kenneth E. Lussier" said:
>This worm just shouldn't be able to damage a site. If it does, then that
>is an easy way to spot the sysadmins that aren't doing their jobs.
Or, an easy way to spot an overworked, underpaid admin who doesn't
have ti
The one thing that bothers me about this is that the vulnerability that
they are exploiting was patched almost two months ago. The day that the
vulnerability was announced, there was an easy fix: upgrade BIND to
8.2.3-REL. I did 5 servers in under an hour, and with no interruption to my
user
Several experts from the security community worked through the night to
decompose the worm's code and engineer a utility to help you discover
if the Lion worm has affected your organization.
Wow -- *I've* always wanted to decompose a worm's code; Mother Nature
strikes again! Seriously, though, t
FYI
Dave Hardy
Systems Manager/DBA
Vermont Health Care Administration
89 Main Street
Drawer 20
Montpelier, VT 05620-3101
802-828-2914
FAX: 802-828-2949
[EMAIL PROTECTED]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ALERT! A DANGEROUS NEW WORM IS SPREADING ON THE INTERNET
March 23, 2001 7:
11 matches