Full Disclosure mailing list archives

Re:RE: new outbreak warning - Bagle


From: "ITSecurity Officer" <itsecurity () mq edu au>
Date: Tue, 20 Jan 2004 09:32:29 +1000

How many companies allow *.exe attachments @ the perimeter? Then allow 6777
outbound.

Those would be the two really good reasons why Universities see this 
traffic between the first and the second post of the virus diagnostic 
messages.  Between "it exists" and "it does this" .. it's too late.

 
I'm speculating that small shops / home users are the largest targets. But
*shouldn't* enterprise solutions stop this.

Your presumption is that all enterprises have enterprise security 
solutions.  Silo budget allocations make for sporadic bursts of point
purchases/solutions that have little impact in the net risk position
of the entity as a whole.  Definitely the best example, outside of 
government, that regional politics influences international security.


I am happy to have read a few postings on this list, in the past 
week, that show some organisational maturity.  Some of the most
valuable information security work that is under-exposed is the 
Investment and ROI strategies for information security expenditure.  

It is very hard to sell security to an organisational entity whose
primary objective is not to make money, who directly associates
information with "A4",  and who remembers the internet as being
"that funny little project we dabbled in 15-20 years ago".

Organisational culture (and change) is the biggest security issue
that I've ever had to resolve, in my professional security career. 
And it's a hell of a lot more "challenging" than the next piece of 
mobile vbscript .. (when are we going to see some mutation code
in some of these wsh apps?)


I can't say I've seen anything off-topic on this list ... regrettably,
though, while I would like to be on the official list of the top 3 or 4 
arseholes that was published recently, I don't get time to post as
often as I would like ...

I do want to get back to this list about some oddity that I'm seeing
out of Internet Explorer, that I think *may* ultimately allow cross-
zone exploits.





--
Ian Latter
IT Security Officer
Macquarie University

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

