Full Disclosure mailing list archives

RE: [sean () donelan com: Symantec detected Slammer worm "hours" before]


From: "Sung J. Choe" <schoe () oicinc com>
Date: Thu, 13 Feb 2003 13:15:43 -1000

How can hundreds of thousands of smart people all focused on system
administration, programming, and infosec keep missing the simplest of
security flaws?
The same way that 100's of trained weapons inspectors in Iraq "know" that
Saddam has weapons and yet keep missing the weapons.

.--------------------------------------------------.
| Sung J. Choe <schoe[at]oicinc.com>, TICSA        |
| Systems Administrator, Facility Security Officer |
.--------------------------------------------------.----.
                    | Oceanic Imaging Consultants, Inc. |
                    | Phone #: (808) 539-3634 x3634     |
                    .-----------------------------------.

568D CAD6 53A0 92E6 4A2A  4E87 3BA0 5F90 37BB 8EE7

-----Original Message-----
From: Jason Coombs [mailto:jasonc () science org]
Sent: Thursday, February 13, 2003 9:00 AM
To: Len Rose; full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] [sean () donelan com: Symantec detected
Slammer worm "hours" before]


Whether or not DeepSight fielded a few nibbles from Sapphire before its
first successful penetration occurred, one has to ask the question "who
cares?"

If DeepSight couldn't tell administrators that their boxes exposed a
critical remote exploitable well-known buffer overflow vulnerability then
what good is it?

How can hundreds of thousands of smart people all focused on system
administration, programming, and infosec keep missing the simplest of
security flaws?

http://enterprisesecurity.symantec.com/content.cfm?articleid=1985&EID=0
  "For example, the DeepSight Threat Management System discovered the
  Slammer worm hours before it began rapidly propagating. Symantec's
  DeepSight Threat Management System then delivered timely alerts and
  procedures, enabling administrators to protect against the attack
  before their environment was compromised."


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

