Full Disclosure mailing list archives

RE: The 'good worm' from HP

From: "Todd Towles" <toddtowles () brookshires com>
Date: Sat, 21 Aug 2004 19:57:53 -0500

Allan is right. I didn't notice people calling it a worm. It is suppose
to be a patch management product that will actually use the expolit hole
to patch the box. It is a controlled problem and should be used only on
computers control by the corporation that owns the software.

But is it still a good idea...I don't think so. Exploiting stuff
sometimes crashes systems and could corrupt stuff. Why do it that way,
when you could just apply a patch directly. 

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of
fulldisclosure () wateraxe demon nl
Sent: Saturday, August 21, 2004 4:07 AM
To: full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] The 'good worm' from HP

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I really don't KNOW what HP is doing, but I would assume that it's just
a 'product' and not a worm. Meaning, you can probably setup 1 system on
your network that scans a specified range (for example only your
workstations if you're worried about your servers getting autopatched).
So any machines that are somehow not picked up by your normal patch
management system (maybe it's not a member of your domain ..) will still
get patched. I also assume they will not 'infect' any machines to use
them to scan further (ie worm behaviour). I'm not saying this is all
good or bad, but I was reading this thread and it seems you are all
expecting HP to just let this loose on the internet.

Allan


[snip]

I hope the HP folk have read it and thought very carefully about all
this...  (Sadly the media reports are too "light and fluffy" to make
anything sensible of what HP is really proposing.) [/snip]



- - --
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQScQtpNqa4mRthN9EQL1lwCfb594IT8yK46290dA7VGw1Gw/YcQAn0O3
16uV3oCHHymuvCGUqHPoY4uc
=+HGg
-----END PGP SIGNATURE-----


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: The 'good worm' from HP, (continued)
- - Re: The 'good worm' from HP Nick FitzGerald (Aug 20)
    - RE: The 'good worm' from HP fulldisclosure (Aug 21)
    - Re: The 'good worm' from HP michael williamson (Aug 21)
    - Re: The 'good worm' from HP Maarten (Aug 21)
    - Re: The 'good worm' from HP michael williamson (Aug 21)
    - Re: The 'good worm' from HP Bart . Lansing (Aug 23)
- Re: The 'good worm' from HP Jesse Valentin (Aug 20)
- Re: The 'good worm' from HP Jesse Valentin (Aug 20)
- RE: The 'good worm' from HP Todd Towles (Aug 20)
  - RE: The 'good worm' from HP Nick FitzGerald (Aug 20)
- RE: The 'good worm' from HP Todd Towles (Aug 21)
  - RE: The 'good worm' from HP joe (Aug 22)
- RE: The 'good worm' from HP Todd Towles (Aug 22)
  - Re: The 'good worm' from HP The Central Scroutinizer (Aug 22)
    - Re: The 'good worm' from HP stephane nasdrovisky (Aug 23)
    - Re: The 'good worm' from HP Valdis . Kletnieks (Aug 23)
- RE: The 'good worm' from HP Todd Towles (Aug 23)
- RE: The 'good worm' from HP The Central Scroutinizer (Aug 23)
  - RE: !SPAM! RE: The 'good worm' from HP Yaakov Yehudi (Aug 24)