Full Disclosure mailing list archives
RE: Learn from history?
From: "Alerta Redsegura" <alerta () redsegura com>
Date: Wed, 5 May 2004 11:36:01 -0500
A logical conclusion would be:

1. Keep informed.
2. Install patches as soon as possible.
3. If a patch cannot be installed, find workarounds.
4. If it is a port-related threat, find out if such ports are in use, and if not, make sure they are closed. (Of course there would normally be no need for this, since only *necessary* ports should be open *and*, if connection is required only from specific points, IPs should be restricted as well.)

Although I have the pleasure to work with organizations who have very proactive and efficient IT officials, the attitude I've seen in other companies, from the people supposed to be in charge of the corporate network security, has at first made me angry, but thinking of it afterwards, it is even amusing.

It is not the general rule (I hope), but even so, this should not be happening.

Some of the comments overheard this week regarding Sasser:

"It was not our fault: It is the users'. Although we repeatedly tell them not to do it, they always open these email attachments!"

"(While reinstalling Windows on 95% of the boxes) We have no problems here, we do not need external advice, these things do happen and there is no way to prevent it. We have antivirus software on every machine."

"I search for Windows Updates every day, even several times a day."

"I started to download the Windows patches, but, man, it took a lot of time! So I aborted the download."

"We have a very good security policy and ensure it is enforced organization-wide, but the way we got infected is completely out of our control: a vice-president made a dial-up connection to the Internet from his laptop (connected to the network) because connection through the LAN was slow. However, I will bring up the issue at the next committee meeting."

Will they learn from history? Only history will tell.

Cheers,

Iñigo Koch
Red Segura
-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Lennart Damm
Sent: Wednesday, May 5, 2004 3:55
To: full-disclosure () lists netsys com
Subject: [Full-Disclosure] Learn from history?

It would be interesting to draw security conclusions from past vulnerabilities and accompanying solutions (patches, etc.). If possible connected to mobile wireless, but there is probably little to find there.

Any compilation of results would be fine, covering as many platforms/OSs/SW languages/applications as possible.

To answer the questions:

Why did this have to happen?
Were there no other (pro-active) solutions?
What design and runtime procedures/processes were used?
What can we apply for the future?

Anyone active in this field? Any reports published?

I am not looking for statistics, but useful experience. Results to be used in Mobile Internet Security training course for increasing security awareness.

Lennart Damm

_______________________________________________
Join Excite! - http://www.excite.com
The most personalized portal on the Web!
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html