lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: dbounds at intrusense.com (Darren Bounds)
Subject: JAP back doored 

Good afternoon,

 
In my experience it can be significantly more challenging to defend large
enterprise than to defend a small-medium sized enterprise for a number of
reasons.

First of all, your typical Fortune 500 company is generally going to be a
larger and much more complicated infrastructure. As such you must tread
softly when making changes so not to upset the complex mesh of
interdependencies that exist. More often than not, even the slightest change
could have dire consequences if not tested thoroughly or communicated to the
necessary business units. I know of several companies who patched the DCOM
vulnerability relatively quickly, only to meet with connectivity issues due
to new port requirements and no firewall policy to support it.

Secondly you have the bureaucracy. An example of which could be the change
management policies. Administrators, developers and analysts share a small
window of opportunity to make changes each week. These changes have to be
evaluated for possible conflicts and prioritized with the understanding
that, your patch requirements may have to take a back seat to enhancements
or a resolution to an existing problem.

Finally, you shouldn't assume the size of the company will reflect the skill
level of its employees.  Fortune 500 companies have just as much chance of
hiring the 'right' person as anyone. In fact, since it's fairly common for
them to offer a smaller salary in exchange for stability and benefits, one
could assume that in a number of cases, they may have slightly less chance.

Remember, it takes much less effort to turn a rowboat than it takes to turn
an aircraft carrier.


Thanks,

Darren Bounds
Security Consultant
Information Security Services
Intrusense LLC.


--
Intrusense - Securing Business As Usual



> From: "morning_wood" <se_cur_ity@...mail.com>
> To: <full-disclosure@...ts.netsys.com>
> Subject: Re: [Full-Disclosure] JAP back doored
> Date: Mon, 25 Aug 2003 10:02:50 -0700
> 
>> Do you think this is a relistic szenario ? I'm not sure
> hmm, criminals using hacked computers as proxy??
> im sure that never happens. and im prety everone
> can prove and tell they have been hacked, hah
> with the recent rpc-dcom exploit, as proved here
> even Fortune 500 company admins cant secure
> thier systems or even know theve been compromised.
> im sure that never happens....  open your eyes
> 
> 
> wood
> 
> 
> --__--__--

--

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ