In an ideal world, I suppose we would have time to conduct an "exhaustive
forensic analysis" of each of the 9000+ affected systems.
I wonder:
- Do you look under your car, under its hood, under its seats and in its
trunk before getting into it each time?
- Do you personally wash your doctor or dentist's hands before he or she
works on you?
- Do you receive vaccines, despite the clear warning that a percentage of
recipients experience adverse side effects including death?
- Do you give them to your kids?
- Do you take your kids with you wherever you go--to work, to the gym, out
on a date? Do you teach them yourself?
- Do you live in a city known for crime, earthquakes, high stress, disease
or dangerous weather?
Compared to having your web site hacked, how many of life's issues have far
greater consequences if handled incorrectly? Yet most of us face them with
calm nonchalance. Why?
Instinct.
The owner of a business here in Carson City had his web server defaced with
the "fuck USA" message on the same day that 8000 other sites were also
defaced. Instinct (and a non-exhaustive forensic analysis) said that this
client's server was not individually targeted, but rather was part of the
general automated attack.
We plugged the hole and moved on. Twenty days later, still no apparent
problem or strange activity on the server. No exhaustive analysis performed.
No hard drive reformatted. No time wasted.
Thankfully, common sense ruled the day and I didn't try to sell the client
on whatever would have qualified as a "good move."
--Eric
-----Original Message-----
From: Devin L. Ganger [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 25, 2001 1:41 PM
To: Eric Robinson
Cc: [EMAIL PROTECTED]
Subject: Re: f**k USA government f**k poizonbox
On Fri, May 25, 2001 at 09:24:00AM -0700, Eric Robinson wrote:
> Members of this list who suggest that you should reformat and reinstall
> after a hacking incident are only partially correct. Starting with a clean
> slate is the only way to be sure you have eliminated your problem if you
> don't already know the exact nature of the attack. In this case, we do.
> :-)
No, you don't, until you've run the exhaustive forensic analysis. Until
then, you're guessing. Encouraging people to break one of the foremost
rules of computer security is just plain bad advice.
If you are diagnosing based on symptoms, then you are putting yourself
at the mercy of the attackers. You are gambling on their complacency.
Bad move.
--
Devin L. Ganger <[EMAIL PROTECTED]>
find / -name *base* -exec chown us:us {} \;
su -c someone 'export UP_US=thebomb'
for f in great justice ; do sed -e 's/zig//g' < $f ; done