lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4129E4D5.1060104@paradigmo.com>
From: stephane.nasdrovisky at paradigmo.com (stephane nasdrovisky)
Subject: The 'good worm' from HP

The Central Scroutinizer wrote:

> Would it not be better to have a standard secure backdoor provided by 
> a security package that could downloaded or installed by disk and 
> works hand in hand with port scanning software, if this is really 
> necassary. I am supprised Microsoft have not released such a peice of 
> software; maybe a third party have.

There is a known backdoor on every modern system: the 
administrator/root/whatever account.
Systeminternals(and others) have a tool which allows remote execution on 
windows nt/2k/xp (*)... could be a solution (we used it to install ie 6 
and thunderbird x.y.z), ssh or even rsh exists for most unix variants.
We once used symantec's av remote management console (named: ???, the 
current version is not smart enough for this) to install things like 
netscape browser and making sure some registry & files were as we 
wanted...it's again a windows nt/2k/xp 'feature', for unixes, ssh or rsh 
(or is it rexec ?) are still available.
*: one such a tool adds a scheduled task and make sure the task 
scheduler is running.

>> Even if it is a controlled worm that moves around in the internal
>> network patching computers, it sounds like a very stupid idea.
>
> I hope it is a bad choice of words. He is a VP, should I say more?



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ