>anyone comment on this and your thoughts or knowledge on what can be
>done or what we can expect to be done? April 1st hype or does anyone
>REALLY know?
>
http://www.securityfocus.com/brief/936

I have no actual knowledge :) but it seems plausible enough; they found
some piece of behavior, visible from the network without any privileged
access to the machine, that the C variant changes when it infects
(probably, from the wording of that piece, having to do with a legitimate
request that fails, or fails differently, on a C-infected system).
Obviously a nice tool to use to scan your intranet or whatever for
infected machines that you can then kick off the network and send someone
'round to fix, rather than having to have someone get privileged (and/or
physical) access to every single machine to check it the old way. There's
a bit more information on the Kaminsky page that secfoc links to:
"http://www.doxpara.com/?p=1285".
DC
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.