Full Disclosure mailing list archives
Re: Disney Down?
From: "Donald J. Ankney" <dankney () sunsetfilms com>
Date: Fri, 19 Aug 2005 10:50:56 -0700
Any IT department that simply removes a worm and shoves a box back into production has serious issues.
After a machine has been compromised, it should be wiped and rebuilt. I don't trust myself to find everything that an intruder (or intruding software) may have done while in the system. I trust my disaster-recovery plan to make sure that rapid data restoration is possible after a machine is taken down and rebuilt.
On Aug 17, 2005, at 12:15 PM, Jason Coombs wrote:
American Express has been unable to provide me with customer service by telephone since the outbreak began.

Larry, you of all people can't possibly believe that the scope of this incident is limited to what you read in the news.

Furthermore, do you truly believe that the worms are the point here?

The worms cause a distraction, and the media plus the antivirus industry collaborate to make victims believe that they can recover from the incident just by shutting down the worm.

What about attacks that took place with the worms as cover? How many high-value systems just got compromised, and will remain so, by something other than the worms' code -- where the victim won't even bother to investigate that possibility because they feel like the worm was the incident.

Regards,
Jason Coombs
jasonc () science org

-----Original Message-----
From: "Larry Seltzer" <larry () larryseltzer com>
Date: Wed, 17 Aug 2005 08:20:17
To: "'Micheal Espinola Jr'" <michealespinola () gmail com>, <full-disclosure () lists grok org uk>
Subject: RE: [Full-disclosure] Disney Down?

"So patch your systems, but don't miss your kid's play in order to do it. We've seen a lot worse than this in the past."

Brilliant advise[sic]!

Yeah, clearly I timed the column badly, but I still think there's more smoke than fire on this outbreak. If it had been International Paper or some company like that rather than media outlets I suspect it wouldn't be getting all this attention. I also think it's fair to say that when it dies down, relatively soon, it won't achieve the endemic status of Blaster and Sasser because it will have little or no presence on consumer systems.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
Contributing Editor, PC Magazine
larryseltzer () ziffdavis com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/