Full Disclosure mailing list archives
Re: Sasser author
From: Rodrigo Barbosa <rodrigob () suespammers org>
Date: Thu, 13 May 2004 16:57:32 -0300
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 1) Company has firewalls and security stuff (and staff) 2) Manager has a notebook 3) Manager insist that his notebook should not be connected to a "low security" network segment, cause he wants to be on the same network everyone else is, and once he is the boss, things will be the way he wants 4) Manager forbids the instalation of any "stupid software that keeps giving popups every time I want to access the internet" (Personal Firewalls) 5) Manager connect with his notebook to the internet at home 6) Manager plugs his notebook back on the company network How often is this scenary ? I met it at least 3 times during the Sasser infestantion alone. []s On Thu, May 13, 2004 at 08:31:34AM -0700, Harlan Carvey wrote:
Come on, Larry... The first thing in the MS bulletin about Sasser is "enable a firewall"...block the port. Slammer was the same way. And yeah, I know about the dial-up and VPN issues, but there are designs that protect against infections there, was well. Perhaps after all these years of publishing "best practices", maybe the victims would stop...well...being victimized. --- Larry Seltzer <larry () larryseltzer com> wrote:Sasser violates poorly designed/implementednetwork infrastructures. I think we'd better be careful with all this moral equivocating. Some of it's right up there with "she was wearing provocative clothing." It's obvious who the criminal is and who the victim is. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.ziffdavis.com/seltzer larryseltzer () ziffdavis com_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
- -- Rodrigo Barbosa <rodrigob () suespammers org> "Quid quid Latine dictum sit, altum viditur" "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFAo9MspdyWzQ5b5ckRArZOAKCT0yRo2hLs6dWALlXJguvK3h4DGACgjc8E B8V0B83GAei8qSBH8RT7cwY= =mRA+ -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Sasser author ( off thread post about duplicate emails ), (continued)
- RE: Sasser author ( off thread post about duplicate emails ) Aditya, ALD [Aditya Lalit Deshmukh] (May 14)
- RE: Sasser author ( off thread post about duplicate emails ) Raymond Dijkxhoorn (May 14)
- RE: Sasser author Serge van Ginderachter (svgn) (May 13)
- RE: Sasser author Harlan Carvey (May 13)
- Re[2]: Sasser author Thierry (May 13)
- Re: Re[2]: Sasser author Harlan Carvey (May 13)
- Re: Sasser author Sebastian Rother (May 13)
- Re: Sasser author Jeremiah Cornelius (May 13)
- Re: Sasser author Mister Coffee (May 14)
- RE: Sasser author Harlan Carvey (May 13)
- Re: Sasser author Rodrigo Barbosa (May 13)
- Re: Sasser author Harlan Carvey (May 13)
- RE: Sasser author Bart . Lansing (May 13)
- Re: Sasser author Rodrigo Barbosa (May 13)
- RE: Sasser Author brownr9 (May 13)
- Re: RE: Sasser Author Oliver Kellermann (May 13)
- Fw: Sasser author Paolo Mattiangeli (May 14)
- Re: Fw: Sasser author William Warren (May 14)
- RE: [inbox] Re: Fw: Sasser author Exibar (May 14)
- Re: Fw: Sasser author Nick FitzGerald (May 14)
- Re: Fw: Sasser author William Warren (May 14)
- RE: Sasser author ( off thread post about duplicate emails ) Aditya, ALD [Aditya Lalit Deshmukh] (May 14)