Comments on: Attacks http://security-samizdat.com/attacks/ Information Security, from a pragmatic point of view Tue, 08 Jul 2008 21:32:55 +0000 http://wordpress.org/?v=2.3.1 By: jacko http://security-samizdat.com/attacks/#comment-11 jacko Sat, 24 Feb 2007 13:22:21 +0000 http://security-samizdat.com/attacks/#comment-11 Blind patching is a problem like you describe, Pete. However a good patch management process should take testing, regression bugs and proper risk assessment into account. Proper controls? of course, a proper Change&Configuration Management process and Risk Management process go a long way. Jacko Blind patching is a problem like you describe, Pete. However a good patch management process should take testing, regression bugs and proper risk assessment into account.

Proper controls? of course, a proper Change&Configuration Management process and Risk Management process go a long way.

Jacko

]]> By: pete http://security-samizdat.com/attacks/#comment-9 pete Fri, 23 Feb 2007 17:13:17 +0000 http://security-samizdat.com/attacks/#comment-9 Patching is often the wrong response. It often only fixes one small part of a service without regard to further potential bugs and provides a false sense of security. That is if it doesn't break more while it fixes. The right response is to assure proper controls are in place and to only use hardened servers and services in hostile environments (like the Internet). Patching is often the wrong response. It often only fixes one small part of a service without regard to further potential bugs and provides a false sense of security. That is if it doesn’t break more while it fixes. The right response is to assure proper controls are in place and to only use hardened servers and services in hostile environments (like the Internet).

]]>