
| Subject: | RE: AW: [Full-Disclosure] no more public exploits |
|---|---|
| Date: | Wed, 28 Apr 2004 18:16:23 -0400 |
Just a bit of info. Military patching usually adheres to the following standard (I was in the Air Force, so when I state military I mean AF):

1. Microsoft releases a patch.
2. DISA reviews it.
3. Either the same day or longer, DISA informs local MAJCOM NOCs.
4. Local MAJCOM NOCs receive the patch notification and a deadline for applying the patch.
5. The patch can either be received from DISA if provided or, if not provided, downloaded directly from Microsoft.
6. S.A's and MAJCOM NOCs must give status report as to which machines were updated and which were not.
7. Status and patch implementation is entered into monthly metrics.

This is a very basic overview.

-----Original Message-----
From: full-disclosure-admin@lists.netsys.com [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Ng, Kenneth (US)
Sent: Wednesday, April 28, 2004 5:37 PM
To: 'Bernard J. Duffy'; full-disclosure@lists.netsys.com
Subject: RE: AW: [Full-Disclosure] no more public exploits

The military does have a lot of rules, some are followed more than others. A friend got about 20 copies of the Melissa email worm on a computer that was on a network that was supposed to be completely isolated from the outside. How much you wanna bet someone decided to save a few dollars by dual homing a few PCs? Heck, I've seen someone dual home an NT4 box with every service known to man turned on, zero patches, TO THE INTERNET. Thank god he didn't have the right default route.

-----Original Message-----
From: full-disclosure-admin@lists.netsys.com [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Bernard J. Duffy
Sent: Wednesday, April 28, 2004 3:38 PM
To: full-disclosure@lists.netsys.com
Subject: Re: AW: [Full-Disclosure] no more public exploits

Are you saying that the military has standardized best practices that mandate the immediate installation of vendor OS patches? If they do, I highly doubt that such policies are widely adhered to.

The fact is, quickly released security patches can and often do break applications, particularly when the system configuration is less common. Ask any Windows NT administrator about that. I would venture to guess that you would not be a happy camper if the IT organization supporting the systems that process your payroll or banking applied code fixes without a robust testing procedure.

Bernard Duffy
bduffy@nycap.rr.com

On Wed, 28 Apr 2004 13:13:04 +0800, tcleary2@csc.com.au <tcleary2@csc.com.au> wrote:
Cael Abal said:

Realistically, the lack of a widespread published exploit means an attack on any given machine is less likely. An admin who chooses to ignore these probabilities isn't looking at their job with the right perspective.

You missed the "IMHO".

In the Military your generalisation is probably not a self-evident truth.

To quote another poster's sig.

"Knowing what you don't know is more important than knowing what you know."

and I would add that that's because what you do know you can try to deal with.

Enough of the philosophy class.

Regards,

tom.
Tom Cleary - Security Architect "In IT, acceptable solutions depend upon humans - Computers don't negotiate."
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html