lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <EBF49D1F55C6D349AFBE297CAC238A521FB3FC4C@uskzoms025.uskzo.am.pnu.com> Date: Wed, 12 Nov 2003 12:09:41 -0500 From: "Reava, Jeffrey [IT/0200]" <jeffrey.reava@...rmacia.com> To: "'psz@...hs.usyd.edu.au'" <psz@...hs.usyd.edu.au>, bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com Subject: RE: MS03-048: Thor and unpatched? <snip> (Is it known what http://www.pivx.com/qwikfix/ does? Will it remain free? Is "Mocrosoft" a mis-spelling or some joke?) </snip> You can use In Control 5 to isolate the changes made by a given application. Especially good for running down registry entries. Start to end, it should only take about 1/2 hour to download, monitor changes and generate a report. It's available here: http://www.devhood.com/tools/tool_details.aspx?tool_id=432 For a slightly broader look at evaluating untrusted software in a controlled environment: http://www.sans.org/rr/papers/5/79.pdf Abstract: "Tools and techniques of reverse engineering allow the professional analyst to identify and describe in detail the behavior of malicious software in a test lab environment. However, many users and organizations lack both the resources and time to subject untrusted software to such stringent tests. To address the key business concern of "is this software safe to download and use?", a lightweight filtering methodology is proposed that will yield a reasonably reliable answer with a very modest resource and time investment." This communication is intended solely for the use of the addressee and may contain information that is legally privileged, confidential or exempt from disclosure. If you are not the intended recipient, please note that any dissemination, distribution, or copying of this communication is strictly prohibited. Anyone who receives this message in error should notify the sender immediately and delete it from his or her computer. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists