RE: Vulnerability level definition

From: Shawn Bernard (shawn.bernard@NetworksUnlimited.com)
Date: Thu Feb 13 2003 - 10:29:39 EST


Comments with some snipping for brevity...

-----Original Message-----
From: Damir Rajnovic [mailto:gaus@cisco.com]
Sent: Thursday, February 13, 2003 5:44 AM
To: pen-test@securityfocus.com; security-basics@securityfocus.com
Subject: RE: Vulnerability level definition

<----SNIP---->

>You are assuming that IIS is the one running a publicly accessible server.
>If IIS is used in some remote office deep within your organization then it
>is less exposed. Thus, one may not rush to patch this vulnerability but wait
>some time.

Then one would be naively assuming that the only threat to their network is
from the "public". Even if you do not have a "malicious" internal user, a
poorly secured laptop that gets plugged into a home broadband connection,
infected with the 'worm of the week' and then plugged into the internal
network could wreak havoc on all of the machines you have decided to wait
some time on patching.
 

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:28 EDT