RE: [ISN] Security holes aren't being filled

From: InfoSec News (isnat_private)
Date: Thu Nov 21 2002 - 23:20:48 PST

    Forwarded from: elizabeth.lee.contractorat_private
    
    I submit that it is not always the administrators who impede the
    application of security patches to systems.  In distributed
    environments, interested parties of various levels of authority must
    be contacted, cajoled and convinced that patch application is
    necessary.  I have seen it happen far too often.  Those who do not
    receive the BugTraq or CERT email, who don't visit security websites,
    who say "Isn't that why we have a firewall?" -- they never believe it
    will happen to them so they refuse to allow downtime.
    
    True is true.
    
    -----Original Message-----
    From: InfoSec News [mailto:isnat_private]
    Sent: Wednesday, November 20, 2002 12:01 AM
    To: isnat_private
    Subject: [ISN] Security holes aren't being filled
    
    
    http://zdnet.com.com/2100-1105-966398.html
    
    By Robert Lemos 
    Special to ZDNet News
    November 19, 2002, 
    
    System administrators are still not patching systems frequently
    enough, according to a recently published study of a software security
    flaw that allowed the Linux Slapper worm to spread.
    
    In fact, even after the Slapper worm highlighted the existence of a
    vulnerability in the Web security software known as OpenSSL, three out
    of 10 systems that had the flaw continue to be vulnerable even today,
    said Eric Rescorla, an independent security consultant.
    
    "Administrators aren't as responsive as they should be," he said.  
    "Even after a relatively serious hole is found, administrators don't
    do the right things."
    
    [...]
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Sat Nov 30 2002 - 10:18:14 PST