Dailydave mailing list archives

Re: NSRL status check


From: Lance Spitzner <lance () honeynet org>
Date: Tue, 12 Dec 2006 08:58:35 -0600

The way I read it, the most recent release was made October 2006:
http://www.nsrl.nist.gov/Downloads.htm#isos

On the face of it such a list seems useful in forensic situations
at least.

Indeed. Most commercial forensic software comes with instructions on
how to use NSRL RDS with the software.

When I used to work for Sun on incident response, Sun maintained an
MD5 repository (and they may still do so today) of all the known
binaries released by Sun. The idea was, you could do an automated  
check on a system, looking for Sun binaries that did not match any  
known signatures.  Based on this model, an easy way to create a  
backdoor would be to simply replace a current binary/file with  
another known/valid file, but one that is much older and with known  
vulnerabilities.

lance
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
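
The gap described in the message above, as an added example that is not part of the original post: a pure set-membership hash check accepts an older genuine binary, while a check tied to path and expected release flags it. The file contents, paths, release numbers, and the `KNOWN` and `EXPECTED` tables are constructed for illustration and do not reflect the NSRL RDS or Sun formats.

```python
import hashlib

def md5(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

# Constructed stand-ins for vendor binaries (not real file contents).
LOGIN_OLD = b"login, release 1.0, constructed sample"
LOGIN_NEW = b"login, release 1.2, constructed sample"
LS_BIN = b"ls, unchanged between 1.0 and 1.2, constructed sample"

# Constructed reference set: digest -> every (path, release) that shipped it.
KNOWN = {
    md5(LOGIN_OLD): {("/usr/bin/login", "1.0")},
    md5(LOGIN_NEW): {("/usr/bin/login", "1.2")},
    md5(LS_BIN): {("/usr/bin/ls", "1.0"), ("/usr/bin/ls", "1.2")},
}
# Constructed package inventory: the release each path should come from.
EXPECTED = {"/usr/bin/login": "1.2", "/usr/bin/ls": "1.2"}

def membership_check(path: str, data: bytes) -> str:
    """Passes any file whose digest was ever published, at any path."""
    return "known" if md5(data) in KNOWN else "unknown"

def release_aware_check(path: str, data: bytes) -> str:
    """Also requires the digest to belong to this path at the expected release."""
    shipped = KNOWN.get(md5(data))
    if shipped is None:
        return "unknown"
    if (path, EXPECTED.get(path)) in shipped:
        return "ok"
    if any(p == path for p, _ in shipped):
        return "stale"       # genuine vendor file, but from another release
    return "misplaced"       # genuine vendor file, but shipped at another path

def audit(files: dict) -> dict:
    """Map each path to (membership verdict, release-aware verdict)."""
    return {p: (membership_check(p, d), release_aware_check(p, d))
            for p, d in files.items()}

if __name__ == "__main__":
    # Constructed system image: login was swapped for the genuine 1.0 build.
    image = {"/usr/bin/login": LOGIN_OLD, "/usr/bin/ls": LS_BIN,
             "/usr/bin/passwd": LS_BIN, "/tmp/x": b"not a vendor file"}
    for path, verdicts in audit(image).items():
        print(path, verdicts)
```

The release-aware check depends on a trustworthy record of what should be installed; if that inventory is read from the system under examination, it needs its own integrity check.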

