lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <ILEPILDHBOLAHHEIMALBCEICENAA.jasonc@science.org>
From: jasonc at science.org (Jason Coombs)
Subject: [sean@...elan.com: Symantec detected Slammer worm "hours" before]

Whether or not DeepSight fielded a few nibbles from Sapphire before its
first successful penetration occurred, one has to ask the question "who
cares?"

If DeepSight couldn't tell administrators that their boxes exposed a
critical remote exploitable well-known buffer overflow vulnerability then
what good is it?

How can hundreds of thousands of smart people all focused on system
administration, programming, and infosec keep missing the simplest of
security flaws?

http://enterprisesecurity.symantec.com/content.cfm?articleid=1985&EID=0
  "For example, the DeepSight Threat Management System discovered the
  Slammer worm hours before it began rapidly propagating. Symantec's
  DeepSight Threat Management System then delivered timely alerts and
  procedures, enabling administrators to protect against the attack
  before their environment was compromised."



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ