Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [Full-disclosure] Disney Down?
From: Micheal Espinola Jr (michealespinolagmail.com)
Date: Fri Aug 19 2005 - 14:41:24 CDT
I agree that not all exploits need to or should be handled in such a
way, but this type of open-ended exploit where potentially anything
could have been dropped or altered on a system would force me as an
network/security/systems administrator to have to take appropriate
action to protect my employer.
Yep, it's defiantly extreme. I wouldn't want to have to do it. But,
I still would do it all the same. In my experience the risk is just
too great not to. Which is why we store data on secure servers, and
can multi-cast images for workstations for easy rebuilds. Its a shame
not everyone can work in an environment where things like this can be
done that easily, but that doesn't mean that they shouldn't be done at
I have yet to work work for an employer where my management and fellow
staff wouldn't be prepared to do the same - thank goodness.
I shudder to think about it happening to me...
On 8/19/05, Steve Kudlak <chromazinesbcglobal.net> wrote:
> Micheal Espinola Jr wrote:
> Absolutely. Once a system has been exploited in such a manner, it
completely untrustable. It should most definitely be wiped.
The IT ppl
> in SDC (and many other places) need to all be lined up and
> Stooges style.
On 8/19/05, Donald J. Ankney <dankneysunsetfilms.com>
> Any IT department that simply removes a worm and shoves a box back
> production has serious issues.
After a machine has been compromised, it
> should be wiped and rebuilt.
> As a practical matter how many boxes are we talking about. I mean I have
> removed worms and viruses (note I don't use the l;ural virii because it is
> too close to the proper Latin Plural of "men";) and put boxes back into use.
> But not in places that are critical. Does one rebuiild everytime something
> goes wrong? Seems extreme to me. I dunno if this is the place to discuss
> issues like this. Now of course with worm designers getting more
> sophisticated it might be that more extereme measures should be taken
> earlier in the descision chain. Now if people implement a really adequate
> backup system, like everything over the last hour is safely backed up it
> might be possible to do that. Anyway it is an interesting case, easy to say
> now that I am disabled and watching from the sidelines.
> Have Fun,
> Sends Steve
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/