Date: Thu, 19 Jul 2012 09:18:59 -0400
From: Григорий Братислава <musntlive@...il.com>
To: Scott Solmonson <scosol@...sol.org>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>,
	Ali Varshovi <ali.varshovi@...mail.com>
Subject: Re: Linux - Indicators of compromise

On Wed, Jul 18, 2012 at 12:20 PM, Scott Solmonson <scosol@...sol.org> wrote:
> Shortcutting other responses-

> 2) assume the worst, don't isolate, monitor spread tactics,
> perceptually contain and then analyse.

This is make sense! Do not isolate. Let hacker run rampant in is your
network. Because if they is damage your network in is process of not
isolating them, is ok if they is steal and delete. You get to see what
is they stole after is gone, and after they is wipe your system. This
is good advice yes, help test your BC/DR! MusntLive like absurd and
obscure approach!

> Endgame is always close the hole, restore the data, learn from your
> mistakes that allowed it to happen :)

MusntLive is love your advice!

According to you:

1) Let hacker run amok so you can see them is run amok
2) Once hacker is run amok, steal your bread and is butter, wipe your
systems, restore
3) Go back and is learn why they steal and delete.

MusntLive think answer for #3) is logic one: "Idiot admin allowed is
this to happen"
