lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20031222154937.735cace0.mole@morris.net>
From: mole at morris.net (Paul J. Morris)
Subject: Removing ShKit Root Kit

On Mon, 22 Dec 2003 13:52:57 -0600
"Schmehl, Paul L" <pauls@...allas.edu> wrote:
> This advice is common, and it's always mystified me.  Why would you
> want backups of the "data"?  
    Because you may not hold a master copy of the data elsewhere or have
made a backup copy yet.  There may be data on the compromised machine
that have entered it from the internet such that you only obtain
alternate copies of when you make a backup of the data on that machine. 
The current subscriber base for an email listserver (where new subscribe
and unsubscribe requests may have arrived since the last backup) comes
to mind.  
-Paul
-------------
Paul J. Morris  
Biodiversity Information Manager, The Academy of Natural Sciences
1900 Ben Franklin Parkway, Philadelphia PA, 19103, USA
mole@...ris.net  1-215-299-1161  AA3SD  PGP public key available
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031222/b9bb7fe9/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ