Date: Fri, 29 Apr 2011 10:03:02 -0700
From: bk <chort0@...il.com>
To: Cal Leeming <cal@...whisper.co.uk>,
	Full Disclosure <full-disclosure@...ts.grok.org.uk>
Cc: Tõnu Samuel <tonu@....ee>
Subject: Re: Barracuda backdoor


On Apr 29, 2011, at 9:22 AM, Cal Leeming wrote:
> On Fri, Apr 29, 2011 at 4:13 PM, bk <chort0@...il.com> wrote:
> On Apr 29, 2011, at 6:11 AM, Cal Leeming wrote:
>> 
>> On Fri, Apr 29, 2011 at 3:30 AM, bk <chort0@...il.com> wrote:
>> Everything you have mentioned there is when you have 'leased' a product, so if the license runs out, of course it's going to terminate those 'leased' services.
> 
> 
> Actually, no.  I'm really starting to doubt you have any experience whatsoever with enterprise products.  Every appliance I've ever heard of or sold personally is sold, as in ownership is transferred.  The physical unit belongs to the party who purchased it.  The continuing fees or subscriptions cover:
> 1.  Support
> 2.  Product updates and patches
> 3.  Updates to anti-spam and anti-virus definitions
> 4.  Other product features that either require infrastructure on the vendor's part, or capabilities that are OEM'd from another vendor and require recurring royalty fees.
> 
> Are you referring to hardware or virtual appliances? Almost everything I have used in an enterprise deployment has been where the unit was owned outright by the customer, with the license simply being for support.

Either/both.  In the case of a VM, the customer generally pays a one-time license for the right to run a VM (in perpetuity).  A few were sold based on the size of the pre-configured VM (disk space, vCPUs, etc.), but my understanding is most of those are transitioning to a perpetual VM license scheme (due to the obvious fact that customers can change the virtual hardware).

If you don't like remote support from vendor, ask them how to disable it.  If you don't believe them, block all the egress traffic and look at the firewall logs to see where it's sending SYNs.  Almost any product these days needs to download updates, but you should be able to tell the difference between downloading updates and opening reverse shells.  I don't know of any vendors yet who do their shell over HTTPS (although it would make sense if you want it to be covert, ssh really stands out).

--
chort
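The egress check described in the message above (block the appliance's outbound traffic, then read the firewall log to see where it sends SYNs and whether that looks like update fetching or a remote shell) worked through as an added example; this is not code from the original post. It assumes netfilter LOG-target lines tagged `EGRESS-DROP`, a constructed appliance address of 10.0.0.5, and that the admin supplies the vendor's documented update hosts (`update_hosts`).

```python
import re
from collections import Counter

# Constructed netfilter LOG lines (not from the original post): SYNs from an
# appliance at 10.0.0.5 dropped by an egress-deny rule tagged "EGRESS-DROP".
SAMPLE_LOG = """\
Apr 29 10:01:02 fw kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=203.0.113.10 PROTO=TCP SPT=51234 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Apr 29 10:01:12 fw kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=203.0.113.10 PROTO=TCP SPT=51235 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Apr 29 10:01:30 fw kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=198.51.100.7 PROTO=TCP SPT=40001 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Apr 29 10:02:00 fw kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=198.51.100.7 PROTO=TCP SPT=40002 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Apr 29 10:02:30 fw kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=198.51.100.7 PROTO=TCP SPT=40003 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Apr 29 10:02:31 fw kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=203.0.113.10 PROTO=TCP SPT=51236 DPT=443 WINDOW=29200 RES=0x00 ACK URGP=0
"""

# Fields the LOG target prints for TCP; the flag tokens (SYN, ACK, ...) follow.
LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=TCP SPT=\d+ DPT=(?P<dport>\d+)"
    r"(?P<rest>.*)$"
)

def outbound_syns(log_text, appliance_ip):
    """Yield (dst, dport) for each TCP SYN (not SYN/ACK) the appliance sent."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("src") != appliance_ip:
            continue
        flags = m.group("rest").split()
        if "SYN" in flags and "ACK" not in flags:
            yield m.group("dst"), int(m.group("dport"))

def classify(log_text, appliance_ip, update_hosts):
    """Group SYNs per destination and label each one against the vendor's
    documented update hosts (update_hosts: set of IPs supplied by the admin)."""
    counts = Counter(outbound_syns(log_text, appliance_ip))
    report = []
    for (dst, dport), n in sorted(counts.items()):
        if dst in update_hosts and dport in (80, 443):
            label = "documented update host"
        elif dport == 22:
            label = "ssh to undocumented host: ask vendor"
        else:
            label = "undocumented destination: ask vendor"
        report.append({"dst": dst, "dport": dport, "syns": n, "label": label})
    return report

if __name__ == "__main__":
    for row in classify(SAMPLE_LOG, "10.0.0.5", {"203.0.113.10"}):
        print(row)
```

Repeated SYNs to one host on a port the vendor never documented are the signal to follow up on; the port alone (22 here, or 443 for a covert channel as the message notes) does not settle it.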


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
