funsec mailing list archives

Re: thoughts


From: David M Chess <chess () us ibm com>
Date: Tue, 31 Mar 2009 09:41:48 -0400

anyone comment on this and your thoughts or knowledge on what can be
done or what we can expect to be done? April 1st hype or does anyone
REALLY know?

http://www.securityfocus.com/brief/936

I have no actual knowledge :) but it seems plausible enough; they found 
some piece of behavior, visible from the network without any privileged 
access to the machine, that the C variant changes when it infects 
(probably, from the wording of that piece, having to do with a legitimate 
request that fails, or fails differently, on a C-infected system). 
Obviously a nice tool to use to scan your intranet or whatever for 
infected machines that you can then kick off the network and send someone 
'round to fix.  Rather than having to have someone get privileged (and/or 
physical) access to every single machine to check it the old way.  There's 
a bit more information on the Kaminsky page that secfoc links to: 
"http://www.doxpara.com/?p=1285".

DC
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
