[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: AW: [Full-Disclosure] no more public exploits
- To: "'Bernard J. Duffy'" <bduffy@xxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxx
- Subject: RE: AW: [Full-Disclosure] no more public exploits
- From: "Soderland, Craig" <craig.soderland@xxxxxxx>
- Date: Wed, 28 Apr 2004 22:10:24 +0200
> -----Original Message-----
> From: full-disclosure-admin@xxxxxxxxxxxxxxxx [mailto:full-disclosure-
> admin@xxxxxxxxxxxxxxxx] On Behalf Of Bernard J. Duffy
> Sent: Wednesday, April 28, 2004 3:38 PM
> To: full-disclosure@xxxxxxxxxxxxxxxx
> Subject: Re: AW: [Full-Disclosure] no more public exploits
[Soderland, Craig] Much Stuff filtered.
> I would venture to guess that you would not be a happy camper if the
> IT organization supporting the systems that process your payroll or
> banking applied code fixes without a robust testing procedure.
[Soderland, Craig] I'd be even less happy if my banking institution, or payroll
department got hacked. A delay in getting to my accounts I can live with, and
complete cleaning out I cannot.
The long and short of it is, you can patch, and break something, however if you
go that route you can also back it out.
You can not patch, and be at someone else's mercy and perhaps not know what
they have done or how to fix short of a rebuild.
Me, well I prefer to maintain the illusion of being the master of my own
destiny.
Besides I've seen the time and effort required, if you do get hit, as opposed
to the time and effort required to patch. I'll take the easy way out and patch.
----------------------------------------------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html