lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <430632FA.7080709@sbcglobal.net>
Date: Fri Aug 19 20:28:45 2005
From: chromazine at sbcglobal.net (Steve Kudlak)
Subject: Disney Down?

Micheal Espinola Jr wrote:

>Absolutely.  Once a system has been exploited in such a manner, it is
>completely untrustable.  It should most definitely be wiped.
>
>The IT ppl in SDC (and many other places) need to all be lined up and
>smacked Three Stooges style.
>
>On 8/19/05, Donald J. Ankney <dankney@...setfilms.com> wrote:
>  
>
>>Any IT department that simply removes a worm and shoves a box back
>>into production has serious issues.
>>
>>After a machine has been compromised, it should be wiped and rebuilt.
>>    
>>
>
>  
>
As a practical matter how many boxes are we talking about. I mean I have 
removed worms and viruses (note I don't use the l;ural virii because it 
is too close to the proper Latin Plural of "men";) and put boxes back 
into use. But not in places that are critical. Does one rebuiild 
everytime something goes wrong? Seems extreme to me. I dunno if this is 
the place to discuss issues like this. Now of course with worm designers 
getting more sophisticated it might be that more extereme measures 
should be taken earlier in the descision chain. Now if people implement 
a really adequate backup system, like everything over the last hour is 
safely backed up it might be possible to do that. Anyway it is an 
interesting case, easy to say now that I am disabled and watching from 
the sidelines.

Have Fun,
Sends Steve

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050819/0c85ab81/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ