Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Corporate Virus Threats

From: "Antczak, Ed" <Ed.Antczak () fnf com>
Date: Fri, 30 Jun 2006 11:51:17 -0500
 
I second the motion.
An opportunity to focus and filter the broad spectrum of security issues
is welcome if possible.

Edwin Antczak
Windows Engineer

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of n3td3v
Sent: Friday, June 30, 2006 9:48 AM
To: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Corporate Virus Threats

On 6/30/06, Castigliola, Angelo <ACastigliola () unumprovident com> wrote:

When the malicious code writers build their viruses and Trojans why 
not code the threats to detect the use of proxy servers and if used, 
connect through them.


Typically you can get to the internet through the default gateway

directly from the computer without needing to configure proxy settings.
A better question would be why do viruses run in user-mode versus kernel
mode (see http://www.phrack.org/show.php?p=62&a=6 "Kernel-mode backdoors
for Windows NT")? My guess is that 15-18 year old kids that write
viruses mostly use recycled code and are often poorly written.



Working in Corporate America, most firewall configurations block 
outbound TCP 80, asthe proxies listen on other non-standard TCP

ports.


I do not agree with this. Most corporations allow outbound TCP 80.

I think this thread is more appropriate for focus-virus and not

Full-disclosure.

Full-Disclosure should setup its own dedicated lists for individual
topics like securityfocus.com do.

The thought of going near a Symantec run list makes me cringe.

John Cartwright, can we have more Full-Disclosure lists setup for
specialized topics?

Heres my suggestions:

FD social engineering and phishing list - discussion of social
engineering issues and its variants

FD vulnerability development list - discussion of development and
prevention of vulnerabilities

FD incident response and recovery list - discussion of response and
recovery issues

FD voice over internet protocol list - discussion of VoIP security
issues

FD web application security list - discussion of web application, and
AJAX, FJAX secure coding.

FD bug disclosures list - discussion of new security threats and
analysis

FD enterprise security list - discussion of corporate security issues,
and patch management, and employee monitoring

FD security careers list - discussion of latest jobs within security
industry

FD media coverage list - discussion of security related stories in the
news

FD vendor software support list - discussion of security product
support, anti virus, ids, firewall issues, security basics, setting up
software securely

FD is the future! Its time to upgrade FD, so we can take on the might of
Securityfocus.com, and give them a run for their money. Don't copy
Securityfocus though, originate, not duplicate!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: