lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri Jun 30 17:51:35 2006 From: Ed.Antczak at fnf.com (Antczak, Ed) Subject: Corporate Virus Threats I second the motion. An opportunity to focus and filter the broad spectrum of security issues is welcome if possible. Edwin Antczak Windows Engineer -----Original Message----- From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of n3td3v Sent: Friday, June 30, 2006 9:48 AM To: full-disclosure@...ts.grok.org.uk Subject: Re: [Full-disclosure] Corporate Virus Threats On 6/30/06, Castigliola, Angelo <ACastigliola@...mprovident.com> wrote: > >When the malicious code writers build their viruses and Trojans why > >not code the threats to detect the use of proxy servers and if used, > >connect through them. > > Typically you can get to the internet through the default gateway directly from the computer without needing to configure proxy settings. A better question would be why do viruses run in user-mode versus kernel mode (see http://www.phrack.org/show.php?p=62&a=6 "Kernel-mode backdoors for Windows NT")? My guess is that 15-18 year old kids that write viruses mostly use recycled code and are often poorly written. > > >Working in Corporate America, most firewall configurations block > >outbound TCP 80, asthe proxies listen on other non-standard TCP ports. > > I do not agree with this. Most corporations allow outbound TCP 80. > > I think this thread is more appropriate for focus-virus and not Full-disclosure. Full-Disclosure should setup its own dedicated lists for individual topics like securityfocus.com do. The thought of going near a Symantec run list makes me cringe. John Cartwright, can we have more Full-Disclosure lists setup for specialized topics? Heres my suggestions: FD social engineering and phishing list - discussion of social engineering issues and its variants FD vulnerability development list - discussion of development and prevention of vulnerabilities FD incident response and recovery list - discussion of response and recovery issues FD voice over internet protocol list - discussion of VoIP security issues FD web application security list - discussion of web application, and AJAX, FJAX secure coding. FD bug disclosures list - discussion of new security threats and analysis FD enterprise security list - discussion of corporate security issues, and patch management, and employee monitoring FD security careers list - discussion of latest jobs within security industry FD media coverage list - discussion of security related stories in the news FD vendor software support list - discussion of security product support, anti virus, ids, firewall issues, security basics, setting up software securely FD is the future! Its time to upgrade FD, so we can take on the might of Securityfocus.com, and give them a run for their money. Don't copy Securityfocus though, originate, not duplicate! _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists