Message-ID: <C544D05F-FDDF-49D3-A136-736C129BB939@sunsetfilms.com>
Date: Fri Aug 19 18:51:06 2005
From: dankney at sunsetfilms.com (Donald J. Ankney)
Subject: Disney Down?

Any IT department that simply removes a worm and shoves a box back
into production has serious issues.

After a machine has been compromised, it should be wiped and rebuilt.
I don't trust myself to find everything that an intruder (or
intruding software) may have done while in the system. I trust my
disaster-recovery plan to make sure that rapid data restoration is
possible after a machine is taken down and rebuilt.

On Aug 17, 2005, at 12:15 PM, Jason Coombs wrote:
> American Express has been unable to provide me with customer
> service by telephone since the outbreak began.
>
> Larry, you of all people can't possibly believe that the scope of
> this incident is limited to what you read in the news.
>
> Furthermore, do you truly believe that the worms are the point here?
>
> The worms cause a distraction, and the media plus the antivirus
> industry collaborate to make victims believe that they can recover
> from the incident just by shutting down the worm.
>
> What about attacks that took place with the worms as cover? How
> many high-value systems just got compromised, and will remain so,
> by something other than the worms' code -- where the victim won't
> even bother to investigate that possibility because they feel like
> the worm was the incident.
>
> Regards,
>
> Jason Coombs
> jasonc@...ence.org
>
> -----Original Message-----
> From: "Larry Seltzer" <larry@...ryseltzer.com>
> Date: Wed, 17 Aug 2005 08:20:17
> To: "'Micheal Espinola Jr'" <michealespinola@...il.com>, <full-disclosure@...ts.grok.org.uk>
> Subject: RE: [Full-disclosure] Disney Down?
>
>
>>> "So patch your systems, but don't miss your kid's play in order
>>> to do it.
>>> We've seen a lot worse than this in the past."
>
>>> Brilliant advise[sic]!
>>>
>
> Yeah, clearly I timed the column badly, but I still think there's
> more smoke than fire on this outbreak. If it had been International
> Paper or some company like that rather than media outlets I suspect
> it wouldn't be getting all this attention. I also think it's fair to
> say that when it dies down, relatively soon, it won't achieve the
> endemic status of Blaster and Sasser because it will have little or
> no presence on consumer systems.
>
> Larry Seltzer
> eWEEK.com Security Center Editor
> http://security.eweek.com/
> http://blog.ziffdavis.com/seltzer
> Contributing Editor, PC Magazine
> larryseltzer@...fdavis.com
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>