lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <03dd01c43da3$4c5ccbd0$c71121c2@exchange.sharpuk.co.uk>
From: DaveHowe at cmn.sharp-uk.co.uk (Dave Howe)
Subject: I Got Hacked. Now What Do I Do?

Troels Bay wrote:
> Now one can't trust somewhat 50% of all Microsoft Computers.

you trusted that many before? :)

Honestly though, it isn't a total writeoff.

Your data may well have been compromised - so you need to run a validation
exercise after copying to a clean system but before even starting a
webserver (or anything that could execute binaries in your dataset) -

*Validate and sanity check database-data - particularly any user/access
lists, and change passwords on any admin accounts.

*Validate and sanity check static html pages

* Recompile or upload from trusted sources any binaries - they can't be
trusted - and validate / sanity check any scripts

* Ideally, if you have a DEV system that wasn't compromised (many
organizations do) upload known-clean copies - just be sure you didn't
backport any scripts or html pages from the "live" server, nonsensical
though that might sound.

I am not going to say getting back to a 100% trustworthy system is going
to be possible in a short term, but you should be able to have 99%
confidence in your datasets and site pages within a week.  Isn't going to
be cheap (in man hours, but that translates to money in various ways)
either.

For the future, consider a bit of diversity and a decent (DMZing)
firewall; if your boxes don't *have* exposed ports other than 80, they can
only be compromised by an attack on that port, not (say) 445.

Diversity doesn't mean dumping Windows if you are wed to the platform (ie,
have an existing large investment in it) - but consider Apache and PHP
rather than IIS and VBScript; they run just fine on windows, will scale
with the company (so you can upgrade to non-windows hardware in the future
if you need to) and are more common than IIS anyhow.

A decent firewall doesn't have to be expensive - for entry level, you can
use a legacy PC with three network cards (inside, outside, DMZ) and a
floppy (no hard) drive, then boot the fw with a LEAF linux such as
Bering - from write protected floppy disks (and get VPN support and a DNS
server thrown in for free :)


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ