Full Disclosure mailing list archives

Re: Disney Down?


From: Steve Kudlak <chromazine () sbcglobal net>
Date: Fri, 19 Aug 2005 12:28:58 -0700

Micheal Espinola Jr wrote:

Absolutely.  Once a system has been exploited in such a manner, it is
completely untrustable.  It should most definitely be wiped.

The IT ppl in SDC (and many other places) need to all be lined up and
smacked Three Stooges style.

On 8/19/05, Donald J. Ankney <dankney () sunsetfilms com> wrote:
Any IT department that simply removes a worm and shoves a box back
into production has serious issues.

After a machine has been compromised, it should be wiped and rebuilt.

As a practical matter, how many boxes are we talking about? I mean I have removed worms and viruses (note I don't use the plural virii because it is too close to the proper Latin plural of "men";) and put boxes back into use. But not in places that are critical. Does one rebuild every time something goes wrong? Seems extreme to me. I dunno if this is the place to discuss issues like this. Now of course with worm designers getting more sophisticated it might be that more extreme measures should be taken earlier in the decision chain. Now if people implement a really adequate backup system, like everything over the last hour is safely backed up, it might be possible to do that. Anyway it is an interesting case, easy to say now that I am disabled and watching from the sidelines.

Have Fun,
Sends Steve

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
