Message-ID: <20040513195732.GI1624@suespammers.org>
From: rodrigob at suespammers.org (Rodrigo Barbosa)
Subject: Sasser author

1) Company has firewalls and security stuff (and staff)
2) Manager has a notebook
3) Manager insists that his notebook should not be connected to a
   "low security" network segment, cause he wants to be on the same
   network everyone else is, and once he is the boss, things will be
   the way he wants
4) Manager forbids the installation of any "stupid software that keeps
   giving popups every time I want to access the internet" (Personal
   Firewalls)
5) Manager connects with his notebook to the internet at home
6) Manager plugs his notebook back on the company network

How often is this scenario? I met it at least 3 times during the
Sasser infestation alone.

[]s

On Thu, May 13, 2004 at 08:31:34AM -0700, Harlan Carvey wrote:
> Come on, Larry...
> 
> The first thing in the MS bulletin about Sasser is
> "enable a firewall"...block the port.  Slammer was the
> same way.
> 
> And yeah, I know about the dial-up and VPN issues, but
> there are designs that protect against infections
> there, as well.
> 
> Perhaps after all these years of publishing "best
> practices", maybe the victims would
> stop...well...being victimized.
> 
> 
> --- Larry Seltzer <larry@...ryseltzer.com> wrote:
> > >>Sasser violates poorly designed/implemented
> > network infrastructures.
> > 
> > I think we'd better be careful with all this moral
> > equivocating. Some of it's right up
> > there with "she was wearing provocative clothing."
> > It's obvious who the criminal is and
> > who the victim is.
> > 
> > Larry Seltzer
> > eWEEK.com Security Center Editor
> > http://security.eweek.com/
> > http://blog.ziffdavis.com/seltzer
> > larryseltzer@...fdavis.com 
> > 

--
Rodrigo Barbosa <rodrigob@...spammers.org>
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
