Message-ID: <20040519142719.30029.qmail@web41602.mail.yahoo.com>
From: keydet89 at yahoo.com (Harlan Carvey)
Subject: I Got Hacked. Now What Do I Do?

I have to apologize, as I didn't see the original post
in my inbox...could someone forward it to me?

> > Now one can't trust somewhat 50% of all Microsoft Computers.
> 
> you trusted that many before? :)
> 
> Honestly though, it isn't a total write-off.
> 
> Your data may well have been compromised - so you need to run a validation
> exercise after copying to a clean system but before even starting a
> webserver (or anything that could execute binaries in your dataset) -
> 
> * Validate and sanity check database-data - particularly any user/access
> lists, and change passwords on any admin accounts.
> 
> * Validate and sanity check static html pages
> 
> * Recompile or upload from trusted sources any binaries - they can't be
> trusted - and validate / sanity check any scripts
> 
> * Ideally, if you have a DEV system that wasn't compromised (many
> organizations do) upload known-clean copies - just be sure you didn't
> backport any scripts or html pages from the "live" server, nonsensical
> though that might sound.
> 
> I am not going to say getting back to a 100% trustworthy system is going
> to be possible in a short term, but you should be able to have 99%
> confidence in your datasets and site pages within a week. Isn't going to
> be cheap (in man hours, but that translates to money in various ways)
> either.
> 
> For the future, consider a bit of diversity and a decent (DMZing)
> firewall; if your boxes don't *have* exposed ports other than 80, they can
> only be compromised by an attack on that port, not (say) 445.
> 
> Diversity doesn't mean dumping Windows if you are wed to the platform (i.e.,
> have an existing large investment in it) - but consider Apache and PHP
> rather than IIS and VBScript; they run just fine on windows, will scale
> with the company (so you can upgrade to non-windows hardware in the future
> if you need to) and are more common than IIS anyhow.
> 
> A decent firewall doesn't have to be expensive - for entry level, you can
> use a legacy PC with three network cards (inside, outside, DMZ) and a
> floppy (no hard) drive, then boot the fw with a LEAF linux such as
> Bering - from write-protected floppy disks (and get VPN support and a DNS
> server thrown in for free :)
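
The quoted reply's recovery steps (validate static pages and scripts, replace binaries from trusted sources, upload known-clean copies from an uncompromised DEV system) come down to one check: diff the recovered tree against a known-clean tree and act only on what differs. The following is an added example, not code from the thread or from either poster; it builds a SHA-256 manifest of each tree and reports modified, added, missing and unchanged files. The directory layout, file names and contents are constructed sample data, and the clean tree stands in for the DEV system's copy.

```python
"""Added example (not from the original thread): compare a recovered web
tree against a known-clean copy, as the quoted reply advises for static
pages, scripts and binaries.  All file names and contents below are
constructed sample data, not anything from the original post."""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """Hash a file in chunks so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            manifest[full.relative_to(root).as_posix()] = sha256_file(full)
    return manifest


def compare_manifests(clean: dict, suspect: dict) -> dict:
    """Classify each path: modified (hash differs), added (only in the
    suspect tree), missing (only in the clean tree), or unchanged."""
    return {
        "modified": sorted(p for p in clean if p in suspect and clean[p] != suspect[p]),
        "added": sorted(p for p in suspect if p not in clean),
        "missing": sorted(p for p in clean if p not in suspect),
        "unchanged": sorted(p for p in clean if p in suspect and clean[p] == suspect[p]),
    }


def _write_tree(root: Path, files: dict) -> None:
    """Write a constructed {relative path: bytes} mapping under root."""
    for rel, data in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


def demo() -> dict:
    """Build a constructed clean tree (the DEV copy) and a constructed
    recovered tree, then return the comparison."""
    clean_files = {
        "index.html": b"<html><body>Welcome</body></html>\n",
        "cgi-bin/login.pl": b"#!/usr/bin/perl\nprint \"ok\\n\";\n",
        "images/logo.gif": b"GIF89a" + b"\x00" * 16,
    }
    suspect_files = dict(clean_files)
    # constructed differences: one altered page, one extra script, one lost image
    suspect_files["index.html"] = b"<html><body>Welcome (changed)</body></html>\n"
    suspect_files["cgi-bin/extra.pl"] = b"#!/usr/bin/perl\n"
    del suspect_files["images/logo.gif"]
    with tempfile.TemporaryDirectory() as tmp:
        clean_root = Path(tmp) / "dev_clean"
        suspect_root = Path(tmp) / "recovered"
        _write_tree(clean_root, clean_files)
        _write_tree(suspect_root, suspect_files)
        return compare_manifests(build_manifest(clean_root),
                                 build_manifest(suspect_root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In practice the clean manifest is generated once on the DEV system and carried to the recovery host on read-only media, so the comparison never depends on anything that lived on the compromised box; "unchanged" files can be kept, "modified" and "added" ones are replaced or discarded, and "missing" ones are restored from the clean source.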

