[74342] in North American Network Operators' Group
The Trailing Edge (was Re: FW: The worst abuse e-mail ever, sverige.net
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Wed Sep 22 13:33:01 2004
To: Jon Lewis <jlewis@lewis.org>
Cc: nanog@merit.edu
In-Reply-To: Your message of "Wed, 22 Sep 2004 12:52:54 EDT."
<Pine.LNX.4.58.0409221201090.19348@web1.mmaero.com>
From: Valdis.Kletnieks@vt.edu
Date: Wed, 22 Sep 2004 13:30:01 -0400
Errors-To: owner-nanog-outgoing@merit.edu
--==_Exmh_-963401559P
Content-Type: text/plain; charset=us-ascii
On Wed, 22 Sep 2004 12:52:54 EDT, Jon Lewis said:
> Older versions of SA, especially with custom DNSBL rules, may have had
> this issue (applying DUL type DNSBL rules to IPs in every Received:
> header:) but thats been fixed for some time.
In many cases, "fixed" != "deployed", unfortunately. And that adoption
curve has got a LONG tail at the far end going to infinity, because some
sites will never upgrade.
Has anybody done a comparison for different instances of this same problem
(for instance, rate of fixing of 69/8 filters, open SMTP relays, installing a
Microsoft 'critical' software fix, patching bind/ssh/apache/whatever
after a vulnerability is found), to see if the underlying curve has similar
characteristics?
I'm familiar with Eric Rescorla's "Security Holes - Who cares?"
paper (http://www.rtfm.com/Upgrade-usenix.pdf) and Beattie, Arnold,
Cowan, Wagle, and Wright's "Timing the Application of Security Patches
for Optimal Uptime" from LISA XVI - any other cites, especially for those
that succeed in mathematically modelling it in the real world well enough to
make predictions from?
--==_Exmh_-963401559P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFBUbaYcC3lWbTT17ARAoOHAJ9RgtMCwGKMobOitxZhA8b9/wY4VgCeImVa
seZswqBWCIv3BsOotz09r48=
=TTVr
-----END PGP SIGNATURE-----
--==_Exmh_-963401559P--
