lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20040213133830.56747fbb.mole@morris.net>
From: mole at morris.net (Paul J. Morris)
Subject: Removing FIred admins

If you rely in the integrity of information in databases, I would also
advise reviewing all trigger code present in your databases and
examining how you assess the integrity of your data.  There are some
very nasty things that someone able to write code within a database
could do to make your data gradualy degrade over time (or leak).  More
broadly, assess what sorts of executable code you might be restoring
from backups as part of your data after you have reinstalled all of your
operating systems.
-Paul

On Fri, 13 Feb 2004 16:54:21 +0100
Benjamin Schweizer <besh@....net> wrote:
> I think you need to do some risk management. There are some steps to
> keep in mind (from a security-point of view), I'd follow this order:
> 
> 1. change the logins
> 2. ensure that he has no more physical access
> 3. inform his colleques (protect against social engineering)
> 4. check your logs / increase the log level / install additional ids
> 5. reinstall the affected systems from scratch (run an audit if not
> possible)
> 6. fix security holes that he could/should know
> 7. ensure that your other admins are upright (be fair)
> 8. watch your competitors if he sold information
> 9. break his password, if you have no access to your data
> 10. prepare for the future
> 

-------------
Paul J. Morris  
Biodiversity Information Manager, The Academy of Natural Sciences
1900 Ben Franklin Parkway, Philadelphia PA, 19103, USA
mole@...ris.net  1-215-299-1161  
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040213/14bca20f/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ