funsec mailing list archives
Re: thoughts
From: David M Chess <chess () us ibm com>
Date: Tue, 31 Mar 2009 09:41:48 -0400
anyone comment on this and your thoughts or knowledge on what can be done or what we can expect to be done? April 1st hype or does anyone REALLY know? http://www.securityfocus.com/brief/936
I have no actual knowledge :) but it seems plausible enough; they found some piece of behavior, visible from the network without any privileged access to the machine, that the C variant changes when it infects (probably, from the wording of that piece, having to do with a legitimate request that fails, or fails differently, on a C-infected system). Obviously a nice tool to use to scan your intranet or whatever for infected machines that you can then kick off the network and send someone 'round to fix. Rather than having to have someone get privileged (and/or physical) access to every single machine to check it the old way. There's a bit more information on the Kaminsky page that secfoc links to: "http://www.doxpara.com/?p=1285".

DC