Full Disclosure mailing list archives
Re: JAP back doored
From: Darren Bounds <dbounds () intrusense com>
Date: Tue, 26 Aug 2003 16:17:42 -0400
Good afternoon, In my experience it can be significantly more challenging to defend large enterprise than to defend a small-medium sized enterprise for a number of reasons. First of all, your typical Fortune 500 company is generally going to be a larger and much more complicated infrastructure. As such you must tread softly when making changes so not to upset the complex mesh of interdependencies that exist. More often than not, even the slightest change could have dire consequences if not tested thoroughly or communicated to the necessary business units. I know of several companies who patched the DCOM vulnerability relatively quickly, only to meet with connectivity issues due to new port requirements and no firewall policy to support it. Secondly you have the bureaucracy. An example of which could be the change management policies. Administrators, developers and analysts share a small window of opportunity to make changes each week. These changes have to be evaluated for possible conflicts and prioritized with the understanding that, your patch requirements may have to take a back seat to enhancements or a resolution to an existing problem. Finally, you shouldn't assume the size of the company will reflect the skill level of its employees. Fortune 500 companies have just as much chance of hiring the 'right' person as anyone. In fact, since it's fairly common for them to offer a smaller salary in exchange for stability and benefits, one could assume that in a number of cases, they may have slightly less chance. Remember, it takes much less effort to turn a rowboat than it takes to turn an aircraft carrier. Thanks, Darren Bounds Security Consultant Information Security Services Intrusense LLC. -- Intrusense - Securing Business As Usual
From: "morning_wood" <se_cur_ity () hotmail com> To: <full-disclosure () lists netsys com> Subject: Re: [Full-disclosure] JAP back doored Date: Mon, 25 Aug 2003 10:02:50 -0700Do you think this is a relistic szenario ? I'm not surehmm, criminals using hacked computers as proxy?? im sure that never happens. and im prety everone can prove and tell they have been hacked, hah with the recent rpc-dcom exploit, as proved here even Fortune 500 company admins cant secure thier systems or even know theve been compromised. im sure that never happens.... open your eyes wood --__--__--
-- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: JAP back doored, (continued)
- Re: JAP back doored Valdis . Kletnieks (Aug 27)
- Re: JAP back doored Goncalo Costa (Aug 27)
- RE: JAP back doored Drew Copley (Aug 27)
- Re: JAP back doored Jeremiah Cornelius (Aug 27)
- RE: JAP back doored Drew Copley (Aug 27)
- Re: JAP back doored Goncalo Costa (Aug 28)
- RE: JAP back doored Drew Copley (Aug 29)
- Re: JAP back doored Valdis . Kletnieks (Aug 27)
- RE: JAP back doored Drew Copley (Aug 25)