[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <025101c488a8$f7ea30a0$0200a8c0@AMDLAPTOP1>
From: scroutinizer at beeb.net (The Central Scroutinizer)
Subject: The 'good worm' from HP
Would it not be better to have a standard secure backdoor provided by a
security package that could downloaded or installed by disk and works hand
in hand with port scanning software, if this is really necassary. I am
supprised Microsoft have not released such a peice of software; maybe a
third party have.
Aaron
----- Original Message -----
From: "Todd Towles" <toddtowles@...okshires.com>
To: "joe" <mvp@...ware.net>
Cc: "Mailing List - Full-Disclosure" <full-disclosure@...ts.netsys.com>
Sent: Sunday, August 22, 2004 7:15 PM
Subject: RE: [Full-Disclosure] The 'good worm' from HP
>I hope it is a bad choice of words. He is a VP, should I say more?
>
> Even if it is a controlled worm that moves around in the internal
> network patching computers, it sounds like a very stupid idea.
>
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of joe
> Sent: Sunday, August 22, 2004 8:20 AM
> To: Todd Towles; fulldisclosure@...eraxe.demon.nl;
> full-disclosure@...ts.netsys.com
> Subject: RE: [Full-Disclosure] The 'good worm' from HP
>
>> Allan is right. I didn't notice people calling it a worm.
>
>
> From the article at InfoWorld...
>
> <SNIP>
> We've been working with (customers) for the last month now," said Tony
> Redmond, vice president and chief technology officer with HP Services in
> an interview.
> <SNIP>
> "This is a good worm," said Redmond. "It's turning the techniques (of
> the
> attackers) back on them."
> <SNIP>
>
> Possibly he used a bad choice of words.
>
>
>
> I definitely agree though that you probably shouldn't be "infecting"
> machines to patch them. In order to patch through a hole like that you
> are running code through that hole and that is the same as infecting in
> my book, you just aren't propogating. You could still make the machine
> unstable or cause other issues. I think my preference would be something
> along the lines of what the NetSquid project is doing mentioned
> previously but be more aggressive. Sure have the feed from SNORT to
> actively go out and pop the machines currently sending bad traffic, but
> also scan for machines that
> *could* get infected and shut them down as well. That would be a good
> use of this tech HP is working on, simply identify the machines. However
> others have done the similar in terms of detection so that wouldn't be
> nearly as new and daring. They could do a good thing by making it fully
> supported by a big name, stable, quick, and part of an overall framework
> for protecting the network environment.
>
> joe
>
>
>
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Todd Towles
> Sent: Saturday, August 21, 2004 8:58 PM
> To: fulldisclosure@...eraxe.demon.nl; full-disclosure@...ts.netsys.com
> Subject: RE: [Full-Disclosure] The 'good worm' from HP
>
> <SNIP>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
Powered by blists - more mailing lists