Full Disclosure mailing list archives

Re: Apparently eEye's blog got p0wnd

From: Paul Schmehl <pauls () utdallas edu>
Date: Mon, 23 Apr 2007 11:23:17 -0500

--On Monday, April 23, 2007 05:00:49 -0400 Valdis.Kletnieks () vt edu wrote:

On Sun, 22 Apr 2007 11:46:41 CDT, Paul Schmehl said:

--On April 22, 2007 10:45:17 AM +0200 poo <skodliv () gmail com> wrote:
> or maybe ross retard got his login info owned

Why take the whole site down then?  All you'd have to do is disable his
account.


Umm? Maybe for some real *basic* security reason?  For instance, doing
forensics or making *sure* that Ross was the only pwnage, and that it
wasn't anything more serious?

So tell me Paul - if *your* password got pwned, would you take the machine
down, or not? :)

If *mine* got pwned, I'd take the machine down, but if an unprivileged usergot pwned, I'd simply have them change their password, *unless* there wasevidence of problems on that host. Just because someone's account gothijacked doesn't mean that further damage necessarily happened. Lots ofpeople have no access to anything except their own stuff.


Paul Schmehl (pauls () utdallas edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Apparently eEye's blog got p0wnd Paul Schmehl (Apr 21)
- Re: Apparently eEye's blog got p0wnd poo (Apr 22)
  - Re: Apparently eEye's blog got p0wnd Paul Schmehl (Apr 22)
    - Re: Apparently eEye's blog got p0wnd Valdis . Kletnieks (Apr 23)
    - Re: Apparently eEye's blog got p0wnd Paul Schmehl (Apr 23)
    - Re: Apparently eEye's blog got p0wnd David Maynor (Apr 23)
    - Re: Apparently eEye's blog got p0wnd Paul Schmehl (Apr 23)
    - Re: Apparently eEye's blog got p0wnd Dude VanWinkle (Apr 30)