[Dshield] Re: A few posts... Patching and DSHIELD RULES

David Sentelle David.Sentelle at cnbcbank.com
Wed Aug 13 18:55:43 GMT 2003


Yes, patching quickly is important, but not always possible.  Running a
network with just over 100 users relying on the services adds up to big
dollars going down the tube when these systems don't work because
Microsoft's patch gave us the Microshaft.  This has happened a couple of
times, one specifically because Microsoft included unnecessary files in
the patch that rendered our RAID controller useless until the file could
be restored.  (Thank goodness the system was booting to a non-raided
drive)  I can only imagine having 1000+ users taken out because I didn't
want to test something (that SHOULD have been tested already) in a
non-production environment.  

I agree with the sentiment that DShield is one of the best early
warning systems an admin can have in his mailbox.  I've got a few
security mailing list subscriptions.  A couple send me around 40
announcements a day.  None, including my Microsoft security bulletin,
have made me aware of the REAL threats as quickly as DShield.  I also
get better taglines here than anywhere else.  :)

David Sentelle
Network Operations Specialist
Commerce National Bank
614.583.2082 Voice    614.583.2201 Fax
There are only 10 types of people in this world: 
Those who understand binary, and those who don't.

>>> list-request at dshield.org 8/13/03 12:19:21 PM >>>

Date: Wed, 13 Aug 2003 07:50:45 -0500
From: "Micheal Patterson" <micheal at cancercare.net>
Subject: Re: [Dshield] DCOM morning after(a little off topic)
To: <list at dshield.org>

Patching is always important. However you must understand that placing
patches on a production machine without first ensuring that the system

Date: Wed, 13 Aug 2003 10:33:39 -0400
From: "Paul Marsh" <pmarsh at nmefdn.org>
Subject: [Dshield] Thank you Johannes and Dshielder's
To: "'Dshield (E-mail)" <list at dshield.org>
	<9F3B43C638622B45B013654517B61D9B0773AE at banana-jr-6k.nmefdn.org>
Content-Type: text/plain;	charset="iso-8859-1"

  I'd just like to take a moment and send out a BIG thank you to
Johannes Ullrich for creating Dshield.  I'd also like to thank my fellow
dshielder's, the information reported on this list has been 100%
accurate and in everyone's mailbox long before anyone else even knew
what was going on.  The list in my opinion is the best on the net.  

  I've been watching/listening/reading the major news agencies over the
past two days first off let me say a day late and a dollar short, it's
amazing how un-informed some people really are.  A reporter on CNN last
night thought it was funny when her system started rebooting.  Most news
agencies are reporting that if you update your AV, run a removal tool
and apply the patch your system is OK.  Why aren't these people reading
and understanding what's going on? 

  OK enough venting.

  Again thank you Johannes and thank you Dshielder's

This e-mail and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to which they
are addressed.  If you have received this e-mail in error, you are 
prohibited from using, divulging any of its contents, or forwarding 
this email.  Please notify admin at cnbcbank.com and delete it from 
your system.

More information about the list mailing list