List,
I thought I would post a copy of this email for critical review.
Names and places omitted for anonymity:
*************
"I will be updating the [censored] servers for Microsoft Security Vulnerability [date censored].
"I have coordinated this time with [censored], who will post an announcement on the [censored] website. This update had previously been performed to the rest of the servers on our network.
"All of our servers will have been upgraded to Windows 2000 Service Pack 3, and IE 6 with service pack 1. The patches are part of Microsoft’s November Security vulnerabilities. They are located on the network in: [censored] directory.
"I create a batch file to mitigate the number of reboots required. There are two reboots required this month."
**********
List,
I thought some obvious security issues would have been noted.
The reason I posted this email was to point out that security can be compromised in the most seemingly benign ways. I believe there are at least three points of negligence to be cited:
1. It states in a very specific sense the exact state of the vulnerability of certain servers.
2. It tells an interested person how long the computers will be vulnerable.
3. It specifies exactly which patches will be applied and where on the network they are located.
Given a cracker monitoring and attempting access to a network, or having inside information, said cracker could target specific Micros~1 vulnerabilities on specific servers. Given the exact window, stepped up, targeted attempts at "rootkit" installation could be made. And the seriously crafty could compromise the patches on the network prior to application.
Am I being too dramatic? Does anybody agree? Disagree?
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list