Full Disclosure mailing list archives
RE: The 'good worm' from HP
From: "Todd Towles" <toddtowles () brookshires com>
Date: Mon, 23 Aug 2004 08:46:52 -0500
Microsoft has. It is called SMS. -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of The Central Scroutinizer Sent: Sunday, August 22, 2004 7:35 PM To: Mailing List - Full-Disclosure Subject: Re: [Full-disclosure] The 'good worm' from HP Would it not be better to have a standard secure backdoor provided by a security package that could downloaded or installed by disk and works hand in hand with port scanning software, if this is really necassary. I am supprised Microsoft have not released such a peice of software; maybe a third party have. Aaron ----- Original Message ----- From: "Todd Towles" <toddtowles () brookshires com> To: "joe" <mvp () joeware net> Cc: "Mailing List - Full-Disclosure" <full-disclosure () lists netsys com> Sent: Sunday, August 22, 2004 7:15 PM Subject: RE: [Full-disclosure] The 'good worm' from HP
I hope it is a bad choice of words. He is a VP, should I say more? Even if it is a controlled worm that moves around in the internal network patching computers, it sounds like a very stupid idea. -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of joe Sent: Sunday, August 22, 2004 8:20 AM To: Todd Towles; fulldisclosure () wateraxe demon nl; full-disclosure () lists netsys com Subject: RE: [Full-disclosure] The 'good worm' from HPAllan is right. I didn't notice people calling it a worm.From the article at InfoWorld... <SNIP> We've been working with (customers) for the last month now," said Tony Redmond, vice president and chief technology officer with HP Services
in
an interview. <SNIP> "This is a good worm," said Redmond. "It's turning the techniques (of the attackers) back on them." <SNIP> Possibly he used a bad choice of words. I definitely agree though that you probably shouldn't be "infecting" machines to patch them. In order to patch through a hole like that you are running code through that hole and that is the same as infecting
in
my book, you just aren't propogating. You could still make the machine unstable or cause other issues. I think my preference would be
something
along the lines of what the NetSquid project is doing mentioned previously but be more aggressive. Sure have the feed from SNORT to actively go out and pop the machines currently sending bad traffic,
but
also scan for machines that *could* get infected and shut them down as well. That would be a good use of this tech HP is working on, simply identify the machines.
However
others have done the similar in terms of detection so that wouldn't be nearly as new and daring. They could do a good thing by making it
fully
supported by a big name, stable, quick, and part of an overall
framework
for protecting the network environment. joe -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Todd
Towles
Sent: Saturday, August 21, 2004 8:58 PM To: fulldisclosure () wateraxe demon nl; full-disclosure () lists netsys com Subject: RE: [Full-disclosure] The 'good worm' from HP <SNIP> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: The 'good worm' from HP, (continued)
- Re: The 'good worm' from HP Jesse Valentin (Aug 20)
- Re: The 'good worm' from HP Jesse Valentin (Aug 20)
- RE: The 'good worm' from HP Todd Towles (Aug 20)
- RE: The 'good worm' from HP Nick FitzGerald (Aug 20)
- RE: The 'good worm' from HP Todd Towles (Aug 21)
- RE: The 'good worm' from HP joe (Aug 22)
- RE: The 'good worm' from HP Todd Towles (Aug 22)
- Re: The 'good worm' from HP The Central Scroutinizer (Aug 22)
- Re: The 'good worm' from HP stephane nasdrovisky (Aug 23)
- Re: The 'good worm' from HP Valdis . Kletnieks (Aug 23)
- Re: The 'good worm' from HP The Central Scroutinizer (Aug 22)
- RE: The 'good worm' from HP Todd Towles (Aug 23)
- RE: The 'good worm' from HP The Central Scroutinizer (Aug 23)
- RE: !SPAM! RE: The 'good worm' from HP Yaakov Yehudi (Aug 24)