[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Web sites compromised by IIS attack

To: Ron DuFresne <dufresne@xxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] Web sites compromised by IIS attack
From: Jason Coombs <jasonc@xxxxxxxxxxx>
Date: Sun, 04 Jul 2004 11:01:04 -1000

frank, this is not a kindergarden list. this not a housewife support
list. this is a security list, this a full disclousure list. period.

It also is not a list for the benefit exclusively of people who are fortunate enough to have simple security problems. The security issues surrounding the question "how do I keep my home computer safe from attack?" are trivial compared to those surrounding the question "how do I keep the 200,000 computing devices worldwide within my organization from being owned and then attacking each other?"

Anyone with a truly complex security problem knows that it is hopeless to ever really control many computers in the presence of many people. You have no choice in a complex situation but to let things happen that you think are beneficial to you (the vendor installing patches, in this discussion) and find a way, after the fact, or periodically, to confirm that the end result was in fact beneficial to you.

Sincerely,

Jason Coombs
jasonc@xxxxxxxxxxx

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re: [Full-Disclosure] Web sites compromised by IIS attack
  - From: Ron DuFresne

Prev by Date: [Full-Disclosure] [ GLSA 200407-04 ] Pure-FTPd: Potential DoS when maximum connections is reached
Next by Date: Re: [Full-Disclosure] Gmail Information Disclosure Vulnerability
Previous by thread: Re: [Full-Disclosure] Web sites compromised by IIS attack
Next by thread: Re: [Full-Disclosure] Web sites compromised by IIS attack
Index(es):
- Date
- Thread