lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: toddtowles at brookshires.com (Todd Towles)
Subject: The 'good worm' from HP

Microsoft has. It is called SMS. 

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of The Central
Scroutinizer
Sent: Sunday, August 22, 2004 7:35 PM
To: Mailing List - Full-Disclosure
Subject: Re: [Full-Disclosure] The 'good worm' from HP

Would it not be better to have a standard secure backdoor provided by a
security package that could downloaded or installed by disk and works
hand in hand with port scanning software, if this is really necassary. I
am supprised Microsoft have not released such a peice of software; maybe
a third party have.

Aaron

----- Original Message -----
From: "Todd Towles" <toddtowles@...okshires.com>
To: "joe" <mvp@...ware.net>
Cc: "Mailing List - Full-Disclosure" <full-disclosure@...ts.netsys.com>
Sent: Sunday, August 22, 2004 7:15 PM
Subject: RE: [Full-Disclosure] The 'good worm' from HP


>I hope it is a bad choice of words. He is a VP, should I say more?
>
> Even if it is a controlled worm that moves around in the internal
> network patching computers, it sounds like a very stupid idea.
>
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of joe
> Sent: Sunday, August 22, 2004 8:20 AM
> To: Todd Towles; fulldisclosure@...eraxe.demon.nl;
> full-disclosure@...ts.netsys.com
> Subject: RE: [Full-Disclosure] The 'good worm' from HP
>
>> Allan is right. I didn't notice people calling it a worm.
>
>
> From the article at InfoWorld...
>
> <SNIP>
> We've been working with (customers) for the last month now," said Tony
> Redmond, vice president and chief technology officer with HP Services
in
> an interview.
> <SNIP>
> "This is a good worm," said Redmond. "It's turning the techniques (of
> the
> attackers) back on them."
> <SNIP>
>
> Possibly he used a bad choice of words.
>
>
>
> I definitely agree though that you probably shouldn't be "infecting"
> machines to patch them. In order to patch through a hole like that you
> are running code through that hole and that is the same as infecting
in
> my book, you just aren't propogating. You could still make the machine
> unstable or cause other issues. I think my preference would be
something
> along the lines of what the NetSquid project is doing mentioned
> previously but be more aggressive. Sure have the feed from SNORT to
> actively go out and pop the machines currently sending bad traffic,
but
> also scan for machines that
> *could* get infected and shut them down as well. That would be a good
> use of this tech HP is working on, simply identify the machines.
However
> others have done the similar in terms of detection so that wouldn't be
> nearly as new and daring. They could do a good thing by making it
fully
> supported by a big name, stable, quick, and part of an overall
framework
> for protecting the network environment.
>
>  joe
>
>
>
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Todd
Towles
> Sent: Saturday, August 21, 2004 8:58 PM
> To: fulldisclosure@...eraxe.demon.nl; full-disclosure@...ts.netsys.com
> Subject: RE: [Full-Disclosure] The 'good worm' from HP
>
> <SNIP>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists