27 Comments
- inactive, on 10/12/2007, -4/+19 It's good to see them patching up flaws.
- tidu, on 10/12/2007, -2/+13 That is one deformed emoticon.
- surfing, on 10/12/2007, -0/+8 I installed Ubuntu 6.06 LTS via CD. There are 176 updates available...
- furtwan1, on 10/12/2007, -0/+7 "yes, but releasing the patch on the day they make it would be more useful."
No, it really wouldn't. Maybe if you're running a single computer in your mom's basement, but for a 100+ computer org it's much better to have predictable releases.
This also gives them time to do a proper job of investigating the real issue before releasing a patch, which hasn't always been the case with certain open source projects that brag about 1 day patch times.
- mntpng, on 10/12/2007, -0/+5 Gee... I wonder how many vulnerability reports hit the streets on exploit Wednesday. This is the side effect of having a predictable bug fix release schedule. Virus writers know exactly when to launch their malware to maximize their effectiveness.
Isn't it funny how whenever Microsoft's DRM is cracked, the fix gets the highest priority and gets released as soon as possible and not delayed until patch Tuesday?
- warmcat, on 10/12/2007, -13/+16 Redhat should have Fedora Core 6 out the day after...
- redxii, on 10/12/2007, -1/+4 Actually, at least half of what Secunia says is unpatched actually has been patched or there is a "claim" to a security bug that has absolutely no merit. One with no merit is "Windows XP admin downgrade problem". It claims: "These users can at least see running processes of other users and possibly more." Guess what? I'm in Linux right now, and I can see mine and root's processes. As well as other daemons. That is the same default behavior that is supposed to occur in XP.
Then there's "Windows XP Internet Connection Firewall Bypass Weakness". It's a fundamental problem with all firewalls, yet it's only a problem in XP.
- inactive, on 10/12/2007, -1/+3 How much you want to bet one of them is a patch for FairUse4WM?
- itanshi, on 10/12/2007, -0/+1 Is it just me or is Windows Update down? I haven't been able to access parts all day
[Error number: 0x80248013]
The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem.
For self-help options:
Frequently Asked Questions
Find Solutions
Windows Update Newsgroup
For assisted support options:
Microsoft Online Assisted Support (no-cost for Windows Update issues)
Read more about steps you can take to resolve this problem (error number 0x80248013) yourself.
- CARPEDATAM, on 10/12/2007, -0/+1 Patch Proxies can ease the pain of Patch Tuesday
http://www.nemertes.com/columns/postpone_patches_with_a_patch_proxy?#
Software maintenance has long been recognized as the most expensive part of the software lifecycle. Increased security threats have forced vendors to release software updates and patches far more often, exacerbating the cost of maintenance. But a bigger problem looms: The most critical servers in an organization are not getting patched because IT managers are extremely reluctant to expose those servers to frequent updates that may cause crashes or software conflicts.
How should we reconcile the need to limit server exposure to security threats with the risk inherent in frequent patching?
Even though software patches have been a mainstay of software maintenance for decades, it was up to IT managers to choose whether a patch added useful functionality or whether it was better to wait until the next software release. But in the late '90s, vendors started using patches to address security vulnerabilities, gradually increasing the frequency of patch releases as more and more security vulnerabilities were discovered. In an ironic twist, the cure gradually became worse than the disease, with IT organizations struggling to keep up with hundreds of new patches each year.
One solution to the patching conundrum is an inline “patch proxy” or “network patch” appliance. A patch-proxy device changes the network traffic, applying a transformation to the packets that is functionally equivalent to a patch.
More at link: http://www.nemertes.com/columns/postpone_patches_with_a_patch_proxy?#
- CARPEDATAM, on 10/12/2007, -1/+1 One solution: http://www.darkreading.com/document.asp?doc_id=104437&page_number=5
Six Hot Security Products
SEPTEMBER 26, 2006 | 4. Blue Lane's Virtual Patching: Inline Proxy Appliance
Relief from the constant stream of security patches vendors push out to customers? What's not to like about that?
It's not just the volume of patches that IT managers have to deal with -- they must also contend with testing against current implementations to ensure against conflicts or crashes, a process that can turn into a huge time-suck. Then there's the need to power down a server or network node while the patch is applied and activated. That often means delay, unhappy users, and potential for lost revenue.
That all helps explain the growing buzz around the inline proxy technology from Blue Lane Technologies, which checks traffic for any possible problems, then emulates patch functionality so that applications can continue to operate till the actual patch gets released, tested, and activated.
- inactive, on 10/12/2007, -1/+1 So very true... Makes you sit down and go: "hummm".
Oh, and I think I was misunderstood when I made the comment about Fedora Core 6's patches...
How many patches will it need every month?
Why, none. I was not poking fun at Fedora, I was poking fun at Microsoft.
- inactive, on 10/12/2007, -1/+1 I hear there is a 12 step program for that.
- psedog, on 10/12/2007, -4/+4 Now that's the best point I've heard in a long time.
- CARPEDATAM, on 10/12/2007, -2/+1 Patch Tuesday Morning After Pill: by Chris Hoff, Rational Security blog
http://rationalsecurity.typepad.com/blog/2006/08/retrospect_the_.html#comment-23023749
- CARPEDATAM, on 10/12/2007, -3/+2 Stiennon on Patch Tuesday: http://blogs.zdnet.com/threatchaos/?p=415
- budiversonjr, on 10/12/2007, -1/+0 Check out www.bluelane.com for perfect solution for Patch Tuesday.
- KMartSheriff, on 10/12/2007, -6/+3 I don't like Microsoft, but cool. I'm glad they're making it happen.
- redxii, on 10/12/2007, -5/+1 We should buy Vista because they don't want to fix those in XP? Or they have a dedication only to Vista to have 0 unpatched?
- cha5e, on 10/12/2007, -11/+7 Yay, 11 new zero-day exploits on Wednesday!
- TheBigGuycouk, on 10/12/2007, -8/+4 Yes, but releasing the patch on the day they make it would be more useful.
- felderado, on 10/12/2007, -6/+0 Did Martha put you up to this, KMartSheriff?
- justice7, on 10/12/2007, -11/+3 I much prefer Kubuntu .. a matter of taste really
http://www.kubuntu.com
or get yourself some free pressed CDs ..
shipit.kubuntu.com
shipit.ubuntu.com
- redxii, on 10/12/2007, -14/+5 [obligatory pre-emptive comment]
Get Service Pack Ubuntu: http://www.ubuntu.com
[/obligatory pre-emptive comment]
- jbus, on 10/12/2007, -11/+1 A couple of those patches are NSA/DHS patches.
- mr804, on 10/12/2007, -21/+7 Who gives a ***** if Fedora Core 6 is out. Yeah, no patches in Redhat...
- inactive, on 10/12/2007, -19/+4 And how many security patches will they need?
:>)

