lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <871080DEC5874D41B4E3AFC5C400611E03F60BCC@UTDEVS02.campus.ad.utdallas.edu>
From: pauls at utdallas.edu (Schmehl, Paul L)
Subject: RE: Probable new MS DCOM RPC worm for Windo ws

> -----Original Message-----
> From: Jerry Heidtke [mailto:jheidtke@...h.edu] 
> Sent: Friday, September 26, 2003 10:33 AM
> To: Schmehl, Paul L; full-disclosure@...ts.netsys.com
> Subject: RE: [Full-Disclosure] RE: Probable new MS DCOM RPC 
> worm for Windo ws
>
> No one is going to manually touch 2000+ machines (unless 
> you're a consultant and you get paid by the hour). That's why 
> there're tools to check whether the file properties are 
> correct for a particular hot fix.
> 
> For example, Microsoft Baseline Security Analyzer (free),

Sorry, don't trust it and don't like it.

> GFI Languard Network Security Scanner (inexpensive),

Using it.

> Shavlik HFNetcheckPro (expensive),

Not using it.

>and Microsoft SMS (with SU feature pack) (very expensive)

Using both it and SUS.

> will all do file version and/or 
> checksum calculations to verify that a particular file is 
> what should be there to consider a patch to be installed. 
> Some of these will even automatically deploy the patches to 
> machines that are missing them.

All of which I am already aware of, and much of which we are already
using.  If you read my post about this, then you already know that I'm
using ISS, Retina and Languard as well as the MS KB824146 scanner to
check for patch compliance.

So I'm not quite sure what you point is.

Gary suggested checking file properties and I *assumed* he meant for
every machine.  He has now clarified that he meant machines that are
questionable.

Now, as to whether or not I'm negligent as a
professional...well...opinions are like other things that humans have -
each one is unique.  :-)

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ