NAI says ALL webservers are now inhouse. Still no official word on which
exploit was used. We may never find out. Allegedly the download was a link
to a secure site. Even if not, it takes about 60 seconds to do, not a
checksum or CRC, but a byte by byte file comparison to see if changed. Re:
NAI culpability, remember that management ALWAYS reserves the right to hire
stupid people. :)
"Earth has its boundaries, but human stupidity is limitless." -Gustave
Flaubert
->-----Original Message-----
->From: [EMAIL PROTECTED]
->[mailto:[EMAIL PROTECTED]]On Behalf Of Ng, Kenneth (US)
->Sent: Thursday, December 07, 2000 9:18 AM
->To: 'Kathy'; [EMAIL PROTECTED]
->Subject: RE: More info on NAI & McAfee website hacked.
->
->
->As a matter of fact, I have been asking Symantec the same question about
->their anti virus software updates for the past 2 years. Even for
->one of the
->security staff at KPMG who would be willing to sign a NDA, they
->catagorically refuse and will only say that "the site is secure,
->there is no
->way in". Now I think we know the REAL REASON why they don't want to
->disclose their security, they have none.
->
->-----Original Message-----
->From: Kathy [mailto:[EMAIL PROTECTED]]
->Sent: Wednesday, December 06, 2000 7:41 PM
->To: [EMAIL PROTECTED]
->Subject: More info on NAI & McAfee website hacked.
->
->
->
->Wired has a story on the Network Associates hack.
->http://www.wired.com/news/business/0,1367,40445,00.html
->[edit]
->Additional question is if the hackers changed the NAI website
->content, would
->that also imply that the hackers could have changed the file download
->content of their antivirus software and replaced with a trojan?
->Obviously,
->this is conjecture and no proof that hackers did this, but I think it is a
->fair question to ask of NAI or any security company that gets
->their website
->hacked.
->
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
