
SANS ISC: Caveat Emptor - SANS Internet Storm Center SANS ISC InfoSec Forums

Caveat Emptor

Jon dropped us a note pointing to an interesting article by Gene Spafford on the dangers of automatic updating of systems.

While not specifically written about a firewall or other information security component, it is a sobering view of what happens when QA for patches isn't done properly.


Jan 11th 2009
Sounds much like the Windows XP SP3 that automatically updated numerous systems including those with AMD processors that failed to restart afterwards. Many other vendors have had similar issues. But at least that could be recovered by the user, unlike this situation. I understand that vendors can't test for everything, but for embedded systems such as the article described, one ends up with a brick rather than a functioning device as a result of a fully preventable situation neglected by the vendor. Simply unacceptable in the situation described by the article.
