[<prev] [next>] [day] [month] [year] [list]
Message-ID: <ADA47EFE15ACA74E8B702B6EF90D91391A5304@UTDEVS08.campus.ad.utdallas.edu>
From: pauls at utdallas.edu (Schmehl, Paul L)
Subject: another new worm submission
Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/
> -----Original Message-----
> From: Perrymon, Josh L. [mailto:PerrymonJ@....com]
> Sent: Sunday, June 06, 2004 10:36 PM
> To: 'Ron DuFresne'; Jerry Heidtke
> Cc: Schmehl, Paul L; full-disclosure@...sys.com
> Subject: RE: [Full-Disclosure] another new worm submission
>
> I agree.
>
> Anyone that would have those ports open has a *lot more to
> worry about that cleaning a few worm infections.
> That's not the case here. This infection was caused by a
> remote user not a Lan user.
> With several hundred laptops it's hard have 0 exposure. As
> with any growing security practice and today's decreased
> budgets areas of focus are determined on risk exposure.
>
> Anywho-
> I found the Trojan to be backdoor.nibu.g- although Symantec
> AV didn't pick it up until tonight.
>
> I think this is a good example that perimeter security is
> only part of the battle.
> Tomorrow's morning meeting will stress the importance of
> desktop firewalls again and a good patch management process.
> You can talk until your blue in the face to upper management
> but I find 90% to be reactive.
>
I rest my case.
Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/
Powered by blists - more mailing lists