| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: scroutinizer at beeb.net (The Central Scroutinizer) Subject: The 'good worm' from HP Would it not be better to have a standard secure backdoor provided by a security package that could downloaded or installed by disk and works hand in hand with port scanning software, if this is really necassary. I am supprised Microsoft have not released such a peice of software; maybe a third party have. Aaron ----- Original Message ----- From: "Todd Towles" <toddtowles@...okshires.com> To: "joe" <mvp@...ware.net> Cc: "Mailing List - Full-Disclosure" <full-disclosure@...ts.netsys.com> Sent: Sunday, August 22, 2004 7:15 PM Subject: RE: [Full-Disclosure] The 'good worm' from HP >I hope it is a bad choice of words. He is a VP, should I say more? > > Even if it is a controlled worm that moves around in the internal > network patching computers, it sounds like a very stupid idea. > > -----Original Message----- > From: full-disclosure-admin@...ts.netsys.com > [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of joe > Sent: Sunday, August 22, 2004 8:20 AM > To: Todd Towles; fulldisclosure@...eraxe.demon.nl; > full-disclosure@...ts.netsys.com > Subject: RE: [Full-Disclosure] The 'good worm' from HP > >> Allan is right. I didn't notice people calling it a worm. > > > From the article at InfoWorld... > > <SNIP> > We've been working with (customers) for the last month now," said Tony > Redmond, vice president and chief technology officer with HP Services in > an interview. > <SNIP> > "This is a good worm," said Redmond. "It's turning the techniques (of > the > attackers) back on them." > <SNIP> > > Possibly he used a bad choice of words. > > > > I definitely agree though that you probably shouldn't be "infecting" > machines to patch them. In order to patch through a hole like that you > are running code through that hole and that is the same as infecting in > my book, you just aren't propogating. You could still make the machine > unstable or cause other issues. I think my preference would be something > along the lines of what the NetSquid project is doing mentioned > previously but be more aggressive. Sure have the feed from SNORT to > actively go out and pop the machines currently sending bad traffic, but > also scan for machines that > *could* get infected and shut them down as well. That would be a good > use of this tech HP is working on, simply identify the machines. However > others have done the similar in terms of detection so that wouldn't be > nearly as new and daring. They could do a good thing by making it fully > supported by a big name, stable, quick, and part of an overall framework > for protecting the network environment. > > joe > > > > -----Original Message----- > From: full-disclosure-admin@...ts.netsys.com > [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Todd Towles > Sent: Saturday, August 21, 2004 8:58 PM > To: fulldisclosure@...eraxe.demon.nl; full-disclosure@...ts.netsys.com > Subject: RE: [Full-Disclosure] The 'good worm' from HP > > <SNIP> > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists