Comments with some snipping for brevity...

-----Original Message-----
From: Damir Rajnovic [mailto:gausat_private]
Sent: Thursday, February 13, 2003 5:44 AM
To: pen-testat_private; security-basicsat_private
Subject: RE: Vulnebrability level definition

<----SNIP---->

>You are assuming that IIS is the one running a publicly accessible server. If IIS is used in some remote office deep
>within your organization then it is less exposed. Thus, one may not rush to patch this vulnerability but wait some time.

Then one would be naively assuming that the only threat to their network is from the "public". Even if you do not have a "malicious" internal user, a poorly secured laptop that gets plugged into a home broadband connection, infected with the 'worm of the week' and then plugged into the internal network could wreak havoc on all of the machines you have decided to wait some time on patching.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Thu Feb 13 2003 - 14:41:35 PST