Message-ID: <9E97F0997FB84D42B221B9FB203EFA2707E3D7@dc1ms2.msad.brookshires.net>
From: toddtowles at brookshires.com (Todd Towles)
Subject: The 'good worm' from HP

I hope it is a bad choice of words. He is a VP, should I say more? 

Even if it is a controlled worm that moves around in the internal
network patching computers, it sounds like a very stupid idea. 

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of joe
Sent: Sunday, August 22, 2004 8:20 AM
To: Todd Towles; fulldisclosure@...eraxe.demon.nl;
full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] The 'good worm' from HP

> Allan is right. I didn't notice people calling it a worm. 


From the article at InfoWorld...

<SNIP>
"We've been working with (customers) for the last month now," said Tony
Redmond, vice president and chief technology officer with HP Services in
an interview.
<SNIP>
"This is a good worm," said Redmond. "It's turning the techniques (of the
attackers) back on them."
<SNIP>

Possibly he used a bad choice of words. 



I definitely agree though that you probably shouldn't be "infecting"
machines to patch them. In order to patch through a hole like that you
are running code through that hole and that is the same as infecting in
my book, you just aren't propagating. You could still make the machine
unstable or cause other issues. I think my preference would be something
along the lines of what the NetSquid project is doing mentioned
previously but be more aggressive. Sure, have the feed from SNORT to
actively go out and pop the machines currently sending bad traffic, but
also scan for machines that *could* get infected and shut them down as
well. That would be a good use of this tech HP is working on, simply
identify the machines. However others have done similar in terms of
detection so that wouldn't be nearly as new and daring. They could do a
good thing by making it fully supported by a big name, stable, quick,
and part of an overall framework for protecting the network environment.

  joe

 

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Todd Towles
Sent: Saturday, August 21, 2004 8:58 PM
To: fulldisclosure@...eraxe.demon.nl; full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] The 'good worm' from HP

<SNIP>
