|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Full-Disclosure] I Got Hacked. Now What Do I Do?
From: A.H. (adolfohermosin
yahoo.es)
Date: Wed May 19 2004 - 07:11:44 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
By Jesper M. Johansson, Ph.D., CISSP, MCSE, MCP+I
Security Program Manager
Microsoft Corporation:
> You can’t clean a compromised system by using some “vulnerability
> remover.” Let’s say you had a system hit by Blaster. A number of
> vendors (including Microsoft) published vulnerability removers for
> Blaster. Can you trust a system that had Blaster after the tool is
> run? I wouldn’t. If the system was vulnerable to Blaster, it was also
> vulnerable to a number of other attacks. Can you guarantee that none
> of those have been run against it? I didn’t think so.
> You can’t trust any data copied from a compromised system. Once an
> attacker gets into a system, all the data on it may be modified. In
> the best-case scenario, copying data off a compromised system and
> putting it on a clean system will give you potentially untrustworthy
> data. In the worst-case scenario, you may actually have copied a back
> door hidden in the data.
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx
http://www.vsantivirus.com/derribar-reconstruir.htm
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]