Valdis.Kletnieks@vt.edu wrote:
[snip]

Hi Valdis!
Actually, it *is* relevant for the "rest of us".
Given the number of boxen that got whacked, and the number of sites involved, "the defender" *is* "the rest of us", and "we as an industry" obviously need to get our collective act in gear. Remember -
Which is exactly my point... People keep worrying about 0days, when I'd only start worrying about them once I made sure that current (old) and known vulns can't get me. Once they are inside, it doesn't matter how they got in until a later time when you do forensics and try to make sure it doesn't happen again, which is what I referred to as the defender side. Fact is, the break-in was serious because serious data was stolen... so why should the fact it was an old vuln distract us from that, except for perhaps reintroducing the facts that people simply don't do enough security and/or best practices, which we already knew?
*Your* boxes may be hardened beyond all belief and plausibility, but you're *STILL* screwed if some teenaged kid on another continent has more effective control of the router at the other end of your OC-48 than the NOC monkey you call when things get wonky....
Well, I suppose it's not really a great idea to wait until things get wonky to establish good and operational relations with your uplink.

Gadi.