RE: Increasing ICMP Echo Requests

From: Rob Shein (shotenat_private)
Date: Sat Aug 23 2003 - 17:58:28 PDT


    Ok, I have to take exception to some of this.  Assuming that the majority of
    SQL servers fall under the purview of security-related staff who subscribe
    to this list (which is relatively insane as an assumption, off the bat,
    considering how many applications use MSDE behind the scenes), I still have
    to take exception.  (Which is good, since I'm not sure that the point
    related to any server-based app anyways.)
    
    1 month is NOT necessarily enough time to test a patch and roll it out.
    Alright, if the patch works, there are no foulups, there is nothing else to
    do, and there is no administrative overhead involved (like change control),
    1 month is plenty of time.  But this is not the case on the planet we call
    "Earth."  What if there's a mission-critical app that doesn't like the
    patch?  (I've seen that a lot of times)  What if the change control process
    alone takes two weeks, just to get the go-ahead to do the patch...and then
    you have to wait a week just to get to the green zone when you can
    implement?  And what if that green zone has been set aside for other work,
    and you have to wait ANOTHER week on top of that?  And let's not forget,
    above all else...the bigger the application, the more overhead in doing
    something like this, and the more bandwidth it will typically have with
    which to attack other systems if a worm gets a foothold.  At least that's my
    experience.  I've seen mission-critical apps that were poorly written, which
    would fall over if sneezed at, and which therefore had a change control
    process that makes tax law seem like playing tic-tac-toe.  And guess what?
    This was sitting on colossal bandwidth in a colocation center.  In this
    situation, there were about 5 people who wanted like nobody's business to
    make sure that the system was properly patched, but it was a nightmare
    actually getting it done.  So please, if you have some suggestion, something
    constructive to offer, please do bring it forwards; but don't take this
    "oh,-I'm-sick-of-all-the-people-who-don't-secure-systems-and-are-lazy"
    approach, because it just isn't that simple.
    
    > -----Original Message-----
    > From: Bruce Martins [mailto:BMartinsat_private] 
    > Sent: Thursday, August 21, 2003 8:29 AM
    > To: Valdis.Kletnieksat_private
    > Cc: incidentsat_private
    > Subject: RE: Increasing ICMP Echo Requests 
    > 
    > 
    > Well no I don't expect Joe shmoe to know this, but it's the 
    > corporate networks that we are seeing being bogged down, and 
    > helping to spread these worms around, how many Joe shmoes 
    > have SQL ? Most of what I have said the people that are 
    > reading it aren't Joe shmoes. As well win 98 is not affected 
    > by the latest major worm and 98 is no longer being sold with 
    > new machines XP home is, but this list isn't an outreach to 
    > Joe Shmoe and others like him it's to the administrators and 
    > advanced users, many of which know what they are doing and 
    > still don't patch machines or do what they can to protect 
    > themselves and their networks 1 month is more than enough 
    > time to test the patch and roll it out to all of the users on 
    > their network again my 2 cents as I understand a lot are 
    > overworked as it is  
    > 
    > 
    > Bruce Martins
    > Systems Administrator
    > EXTEND>>MEDIA
    > 190 Liberty Street
    > Toronto, Ontario
    > Canada
    > M6K 3L5
    > _______________________
    > e:bmartinsat_private
    > t: (416) 535-4222 ext. 2307
    > f: (416) 535-1201
    > http://www.extend.com
    > 
    > 
    > -----Original Message-----
    > From: Valdis.Kletnieksat_private [mailto:Valdis.Kletnieksat_private] 
    > Sent: Wednesday, August 20, 2003 12:37 AM
    > To: Bruce Martins
    > Cc: incidentsat_private
    > 
    > On Tue, 19 Aug 2003 15:43:29 EDT, Bruce Martins said:
    > 
    > > patches it, the real problem is that some people aren't heeding the
    > > warnings and patching their machines when a patch is released for a
    > > very serious vulnerability like this one, same thing happened with the
    > > SQL slammer worm, people had more than enough time to test and apply
    > > this patch but didn't but hey just my 2 cents
    > 
    > OK.. So this worm does a really nice slash-and-burn if it 
    > gets loose on a nice speedy 100mbit corporate network.  But 
    > that's just where it gets the
    > *initial* burn, it's not where its staying power is going to be...
    > 
    > Hmm... How many copies of Win98 and later has MS sold?  Hint 
    > - a LOT of them aren't corporate, they're being sold to Joe 
    > Sixpack on that machine they just bought at Walmart or Circuit City.
    > 
    > And remember - Joe Sixpack is still fuzzy on the idea that 
    > the Internet and the Web are two different things.  Do you 
    > *REALLY* expect him to read MS03-026 and understand what it 
    > *REALLY* means?
    > 
    > 
    > --------------------------------------------------------------
    > -------------
    > Attend Black Hat Briefings & Training Federal, September 
    > 29-30 (Training), 
    > October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
    > technical IT security event.  Modeled after the famous Black 
    > Hat event in 
    > Las Vegas! 6 tracks, 12 training sessions, top speakers and 
    > sponsors.  
    > Symantec is the Diamond sponsor.  Early-bird registration 
    > ends September 6.Visit us: www.blackhat.com
    > --------------------------------------------------------------
    > --------------
    > 
    > 
    
    
    



    This archive was generated by hypermail 2b30 : Tue Aug 26 2003 - 08:12:43 PDT