Full Disclosure mailing list archives
Re:RE: new outbreak warning - Bagle
From: "ITSecurity Officer" <itsecurity () mq edu au>
Date: Tue, 20 Jan 2004 09:32:29 +1000
How many companies allow *.exe attachments @ the perimeter? Then allow 6777 outbound.
Those would be the two really good reason why University's see this traffic between the first and the second post of the virus diagnostic messages. Between "it exists" and "it does this" .. its too late.
I'm speculating that small shops / home users are the largest targets. But *shouldn't* enterprise solutions stop this.
Your presumption is that all enterprises have enterprise security solutions. Silo budget allocations make for sporadic bursts of point purchases/solutions that have little impact in the net risk position of the entity as a whole. Definitely the best example, outside of government, that regional politics influences international security. I am happy to have read a few postings on this list, in the past week, that show some organisational maturity. Some of the most valuable information security work that is under-exposed is the Investment and ROI strategies for information security expenditure. It is very hard to sell security to an organisational entity who's primary objective is not to make money, who directly associates information with "A4", and who remembers the internet as being "that funny little project we dabbled in 15-20 years ago". Organisational culture (and change) is the biggest security issue that I've ever had to resolve, in my professional security career. And its a hell of a lot more "challenging" than the next piece of mobile vbscript .. (when are we going to see some mutation code in some of these wsh apps?) I can't say I've seen anything off-topic on this list ... regrettably, though, whlie I would like to be on the official list of the top 3 or 4 arseholes that was published recently, I don't get time to post as often as I would like ... I do want to get back to this list about some oddity that I'm seeing out of Internet Explorer, that I think *may* ultimately allow cross- zone exploits. -- Ian Latter IT Security Officer Macquarie University _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- new outbreak warning - Bagle Gadi Evron (Jan 18)
- <Possible follow-ups>
- RE: new outbreak warning - Bagle Perrymon, Josh L. (Jan 19)
- Re: RE: new outbreak warning - Bagle Gadi Evron (Jan 19)
- Re: RE: new outbreak warning - Bagle William Warren (Jan 20)
- Re:RE: new outbreak warning - Bagle ITSecurity Officer (Jan 19)