Date: Sun, 12 Dec 2010 17:55:03 +0100
From: Christian Sciberras <uuf6429@...il.com>
To: Charles Polisher <cpolish@...il.com>
Cc: full-disclosure@...ts.grok.org.uk, Adam Behnke <adam@...osecinstitute.com>
Subject: Re: Security Incident Response Testing To Meet Audit

Just to satisfy my curiosity, but, when was the last AV update performed?
One could assume some anti-virus would be up-to-date even if the last update
was performed a month or so ago.
On the other hand, an anti-virus update usually is done sometimes even
several times per day (well, mine does).

Have you tried the binaries on virustotal.com (or equivalent)?

Cheers,
Chris.



On Sat, Dec 11, 2010 at 5:52 AM, Charles Polisher <cpolish@...il.com> wrote:

> Adam Behnke wrote:
> > Hi everyone, InfoSec Institute author Russ McRee has written up an overview
> > on tools to ensure maximum readiness for incident response teams, including
> > drill tactics. PCI-DSS audits often require IR testing validation; drill
> > quarterly and be ready next audit cycle.
> >
> > http://resources.infosecinstitute.com/incident-response-and-audit-requirements/
> >
> > Please let me know your thoughts.
>
>  "Remember that you're playing with binaries that will likely cause
>   antivirus to fire."
>
> I take issue with this statement. Tonight I tested $VENDOR's
> up-to-date anti-virus against 10 day-old malware samples captured
> from the wild - the detection rate was abysmal (225/539).
> Maybe your AV is better than mine.
>
> --
> Charles Polisher
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
