| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 23 Nov 2010 16:05:32 +0000 From: mrx <mrx@...pergander.org.uk> To: full-disclosure@...ts.grok.org.uk Subject: Re: virus in email RTF message MS OE almost disabled -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 23/11/2010 15:03, Mikhail A. Utin wrote: > This my final reply. > For still interested: > - it happened on my home PC > - immediately disconnected (for a few interested people I can forward email to taste this thing after receiving appropriate paperwork) > - it is beyond MS released SPs for Office and Windows > - using this list is OK as we discuss vulnerabilities > - using corporate email is not prohibited to discuss professional topics > - public emails, charts/IM, social sites are prohibited by policies > > Sorry, I was looking for a few short ideas and mostly for known cases, but not lecturing. I'll fix it, not a big deal. Expect others as having some knowledge as well and do not waste time. BTW, certifications help in all covered matters, believe me. Even in understanding that other may know something and do have certain experience. > > If you know such cases, please, reply. Otherwise do not waste your and computer energy. > > Thank you > > Mikhail A. Utin, CISSP > Information Security Analyst > Commonwealth Care Alliance > 30 Winter St. > Boston, MA > TEL: (617) 426-0600 x.288 > FAX: (617) 249-2114 > http://www.commonwealthcare.org > mutin@...monwealthcare.org > <snip> With a CISSP I expect you would have the skill to set up a VM, replicate the scenario and monitor system activity... Analysis. A Scroogle/Google on some of your results should provide the answers you need. I'm sorry but I fail to understand how someone with a CISSP would require help in dealing with this. My limited experience leads me to believe that like any security analyst, a CISSP should have a lab of some description at home. Doubly so for a CISSP who is a security analyst. Your initial post did you no favours and casts doubt on your abilities to live up to the standards required by your qualification and position. The only time to leak information about security practice to this list is when you want a free pentest from some of the less scrupulous members of FD. Using plain text for emails shuts down a whole lot of attack vectors in OE, as it does in any email client. But you are a CISSP, you don't need me telling you this. Don't take my comments or the comments of others too hard and certainly not personally. This is a tough room, with some exacting professionals. Regards Dave something Information Security Noob. - -- Mankind's systems are white sticks tapping walls. http://www.propergander.org.uk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEVAwUBTOvmTLIvn8UFHWSmAQLO5wf/VDh2T4EpNCQkTbdwHLvzVWzkSSu8H2WM QdWWquj2IK8npt7UqrmZZ/skvpYxZeYcWvfj034CEPPcfyRqFQFN/FilbQ1zDKFV b2+r8yuXD2pfPWJdPixvCaR05+IgtSSbIxqFOgkbW7fvYqiNoYD2iDtAsatWMJIk kOWkSgdAyZjLaWB3oGbHTDnunIikIdstM74T4HjVymfAf72GJB6CtipM0TtW3XaL yh9xwQO0R28mrwoMLWj/KGyTHEeXa/xxCXB6bNSzDlE01eJxUroagKtlDdU2eXWd 02fARANHvfUDBozL+PUc7scGSkeO2fxw1Ffs3uZhotLs/XG+iEi8NQ== =IAaY -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists