Please run windows update now

J. Oquendo joquendo at e-fensive.net
Mon May 15 16:21:35 UTC 2017


On Mon, 15 May 2017, Brad Knowles wrote:

> If Microsoft didn't open the security hole in the first place, then there wouldn't be a need to patch it afterwards.

You are very correct. Microsoft opened the hole because
they had nothing better to do. Or, could it be that these
things happen, akin to a car having to perform a recall.
I am sure (with the exception of Volkswagen's clusterf^W)
no vendor in any vertical wants to put out subpar products
(call me a dreamer.)

> Of course, there will always be patches that need to be applied, and people do have to decide what is a sane patching process.  But if a patch can be completely avoided because they were more careful and rigorous in their development to begin with, then as a whole the world would be better off.

Rigorous in development means little. Go pick an RFC and
you will find that over time, even the foundations have at
some point or another been broken/circumvented. I have a
mental running joke "Blame Paul Vixie!!!" (Sorry Paul :))
When the world lost their ability to use common sense,
anything related to DNS became a blame Paul for writing
BIND. No... Old saying: "Any time you point the finger,
remember, there are more of your fingers pointing back at
you."

Organizations do perform testing, and some don't. Just
because some don't does not mean the industry as a whole
won't, or doesn't do it. The fact MS went out of their way
to make patches for systems they SPECIFICALLY stated they
would not support no more gives them kudos across the
board.
 
> An ounce of prevention on their part would prevent a pound of cure having to be applied by everyone else in the world.

With 20/20 vision, should that mean I should be expected
to see someone throwing a 100MPH fastball at me from
my back? Would my pound of cure be ESP for seeing the
future?

> But then Microsoft couldn't extract their value from selling that pound of cure, so that would be another problem.

Sorry to tell you this, that comment makes little sense.
I didn't know Microsft sold that pound of cure (patch).

> Not everyone licks their chops and thinks "fresh meat" when they see worldwide panic that results from a massive security hole like this.

Jump in the security space, where we may gladly trade our
cats and dogs for Porsche Panameras

> Some of us just want to get regular work done.

And some of us find that life goes on. This is no different
than Nimda, and other minor fiascos that occur every once
in a while. With the exception of Morris. No one, not even
the worms in the dirt like him.

-- 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM

"Where ignorance is our master, there is no possibility of
real peace" - Dalai Lama

0B23 595C F07C 6092 8AEB  074B FC83 7AF5 9D8A 4463
https://pgp.mit.edu/pks/lookup?op=get&search=0xFC837AF59D8A4463


More information about the NANOG mailing list