Open Source and information security mailing list archives
 
Message-ID: <acdc033d0508191241392d2f67@mail.gmail.com>
Date: Fri Aug 19 20:41:30 2005
From: michealespinola at gmail.com (Micheal Espinola Jr)
Subject: Disney Down?

I agree that not all exploits need to or should be handled in such a
way, but this type of open-ended exploit where potentially anything
could have been dropped or altered on a system would force me as a
network/security/systems administrator to have to take appropriate
action to protect my employer.

Yep, it's definitely extreme.  I wouldn't want to have to do it.  But,
I still would do it all the same.  In my experience the risk is just
too great not to.  Which is why we store data on secure servers, and
can multi-cast images for workstations for easy rebuilds.  It's a shame
not everyone can work in an environment where things like this can be
done that easily, but that doesn't mean that they shouldn't be done at
all.

I have yet to work for an employer where my management and fellow
staff wouldn't be prepared to do the same - thank goodness.

I shudder to think about it happening to me...


On 8/19/05, Steve Kudlak <chromazine@...global.net> wrote:
> Micheal Espinola Jr wrote:
> > Absolutely. Once a system has been exploited in such a manner, it is
> > completely untrustable. It should most definitely be wiped.
> >
> > The IT ppl in SDC (and many other places) need to all be lined up and
> > smacked Three Stooges style.
> >
> > On 8/19/05, Donald J. Ankney <dankney@...setfilms.com> wrote:
> > > Any IT department that simply removes a worm and shoves a box back into
> > > production has serious issues.
> > >
> > > After a machine has been compromised, it should be wiped and rebuilt.
>
> As a practical matter how many boxes are we talking about? I mean I have
> removed worms and viruses (note I don't use the plural virii because it is
> too close to the proper Latin Plural of "men";) and put boxes back into use.
> But not in places that are critical. Does one rebuild every time something
> goes wrong? Seems extreme to me. I dunno if this is the place to discuss
> issues like this. Now of course with worm designers getting more
> sophisticated it might be that more extreme measures should be taken
> earlier in the decision chain. Now if people implement a really adequate
> backup system, like everything over the last hour is safely backed up it
> might be possible to do that. Anyway it is an interesting case, easy to say
> now that I am disabled and watching from the sidelines.
> 
> Have Fun,
> Sends Steve
> 
> 


-- 
ME2  <http://www.santeriasys.net/>
