Any network person whose systems were compromised in
the last round of these attacks IS lucky!! Lucky they
have jobs at all, the security patches for this
vuneribilty had been out forever - tisk -tisk to
anyone irresponsible enough to overlook the obvious.
Also, if your system was compromised and you don't
rebuild the box in question - I wish you luck!!:(
--- "Devin L. Ganger" <[EMAIL PROTECTED]> wrote:
> On Fri, May 25, 2001 at 02:13:14PM -0700, Eric
> Robinson wrote:
>
> > In an ideal world, I suppose we would have time to
> conduct an "exhaustive
> > forensic analysis" of each of the 9000+ effected
> systems.
>
> Nope. That's where the risk analysis comes in.
>
> "How much risk will I be at, versus the amount of
> labor invested?"
>
> Full analysis + actions indicated: low risk,
> extremely high labor.
> No analysis, rebuild system: low risk, moderate
> labor.
> Light analysis, plug holes: unknown risk, low labor.
>
> > We plugged the hole and moved on. Twenty days
> later, still no apparent
> > problem or strange activity on the server. No
> exhaustive analysis performed.
> > No hard drive reformatted. No time wasted.
>
> This time. Until the black hats get smarter than
> your instinct.
>
> --
> Devin L. Ganger <[EMAIL PROTECTED]>
> find / -name *base* -exec chown us:us {} \;
> su -c someone 'export UP_US=thebomb'
> for f in great justice ; do sed -e 's/zig//g' < $f ;
> done
> -
> [To unsubscribe, send mail to
> [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - buy the things you want at great prices
http://auctions.yahoo.com/
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
