Dailydave mailing list archives
Re: NSRL status check
From: Lance Spitzner <lance () honeynet org>
Date: Tue, 12 Dec 2006 08:58:35 -0600
The way I read it, the most recent release was made October 2006:
http://www.nsrl.nist.gov/Downloads.htm#isos

On the face of it such a list seems useful in forensic situations at least.

Indeed. Most commercial forensic software comes with instructions on how to use NSRL RDS with the software.
When I used to work for Sun on incident response, Sun maintained an MD5 repository (and they may still do so today) of all the known binaries released by Sun. The idea was, you could do an automated check on a system, looking for Sun binaries that did not match any known signatures. Based on this model, an easy way to create a backdoor would be to simply replace a current binary/file with another known/valid file, but one that is much older and with known vulnerabilities.

lance
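The gap described in the message above, as an added example that is not part of the original post or of any Sun or NSRL tooling: a flat "is this hash known?" lookup accepts an older release of a file, while a check pinned to the release expected at that path flags it. The file contents, paths, release numbers and the `EXPECTED` baseline are constructed for illustration.

```python
import hashlib

def md5_hex(data: bytes) -> str:
    # MD5 because that is what the repository in the post used.
    return hashlib.md5(data).hexdigest()

# Constructed sample data: two releases of one hypothetical vendor binary.
OLD_LS = b"ls build 1.0 (older release)"
NEW_LS = b"ls build 2.0 (current release)"

# Flat known-file set: every hash the vendor ever shipped,
# mapped to (path, release). Both releases are "known".
KNOWN = {
    md5_hex(OLD_LS): ("/usr/bin/ls", "1.0"),
    md5_hex(NEW_LS): ("/usr/bin/ls", "2.0"),
}

# Hypothetical per-host baseline: the release that should be at each path,
# e.g. derived from the package database or patch level.
EXPECTED = {"/usr/bin/ls": "2.0"}

def flat_check(data: bytes) -> bool:
    """Known-file lookup only: True if the hash was ever shipped."""
    return md5_hex(data) in KNOWN

def pinned_check(path: str, data: bytes) -> str:
    """Compare against the release expected at this path on this host."""
    entry = KNOWN.get(md5_hex(data))
    if entry is None:
        return "unknown"            # not a vendor file at all
    known_path, release = entry
    if known_path != path:
        return "wrong-file"         # a vendor file, but not the one for this path
    if release != EXPECTED.get(path):
        return "version-mismatch"   # genuine vendor file from another release
    return "ok"

def audit(files: dict) -> dict:
    """Return {path: finding} for every file that is not 'ok'."""
    findings = {}
    for path, data in files.items():
        result = pinned_check(path, data)
        if result != "ok":
            findings[path] = result
    return findings

if __name__ == "__main__":
    host = {"/usr/bin/ls": OLD_LS}  # older, still "known", binary in place
    print("flat check passes:", flat_check(host["/usr/bin/ls"]))
    print("pinned audit:", audit(host))
```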