|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-Disclosure] Web sites compromised by IIS attack
From: Willem Koenings (isec
europe.com)
Date: Fri Jul 02 2004 - 18:55:04 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> > Like I said, Do you REALLY want a vendor to install patches for you?
>
> Absolutely. Have them send a technician ON SITE. Have them STAY and fix
> the product until it is working. (Free of charge mind you... just like
> the free repair of a recalled water pump for your car). If applied
> patches crash the system further, it is the responsibility of that
> technician (representing the vendor) to get it back in working order.
frank, this is not a kindergarden list. this not a housewife support
list. this is a security list, this a full disclousure list. period.
any adequate member of this list should and must apply security fixes
and patches by himself/herself, after testing. if there is no patches
released meanwhile, he/she should be reasonable adequate to take
measures to mitigate attack vectors until fixes is released. allowing
third party technician to access your system and installing unverified
paches is a serious security issue.
willem
--
___________________________________________________________
Sign-up for Ads Free at Mail.com
http://promo.mail.com/adsfreejump.htm
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]