Any IT department that simply removes a worm and shoves a box back
into production has serious issues.
After a machine has been compromised, it should be wiped and rebuilt.
I don't trust myself to find everything that an intruder (or
intruding software) may have done while in the system. I trust my
disaster-recovery plan to make sure that rapid data restoration is
possible after a machine is taken down and rebuilt.
On Aug 17, 2005, at 12:15 PM, Jason Coombs wrote:
American Express has been unable to provide me with customer
service by telephone since the outbreak began.
Larry, you of all people can't possibly believe that the scope of
this incident is limited to what you read in the news.
Furthermore, do you truly believe that the worms are the point here?
The worms cause a distraction, and the media plus the antivirus
industry collaborate to make victims believe that they can recover
from the incident just by shutting down the worm.
What about attacks that took place with the worms as cover? How
many high-value systems just got compromised, and will remain so,
by something other than the worms' code -- where the victim won't
even bother to investigate that possibility because they feel like
the worm was the incident.
Regards,
Jason Coombs
[EMAIL PROTECTED]
-----Original Message-----
From: "Larry Seltzer" <[EMAIL PROTECTED]>
Date: Wed, 17 Aug 2005 08:20:17
To: "'Micheal Espinola Jr'" <[EMAIL PROTECTED]>, <full-[EMAIL PROTECTED]>
Subject: RE: [Full-disclosure] Disney Down?
"So patch your systems, but don't miss your kid's play in order
to do it.
We've seen a lot worse than this in the past."
Brilliant advise[sic]!
Yeah, clearly I timed the column badly, but I still think there's more smoke than fire on this outbreak. If it had been International Paper or some company like that rather than media outlets I suspect it wouldn't be getting all this attention. I also think it's fair to say that when it dies down, relatively soon, it won't achieve the endemic status of Blaster and Sasser because it will have little or no presence on consumer systems.
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
Contributing Editor, PC Magazine
[EMAIL PROTECTED]
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/