OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Byrne, David (dbyrne_at_tiaa-cref.org)
Date: Fri Sep 06 2002 - 17:41:50 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    There's a similar thread on the focus-ms list. My take is that a new and/or
    stupid manager at Microsoft panicked. The article describes planting trojans
    and changing security settings. This is so vague and so common in intrusions
    that it could mean anything. They are probably seeing a number of systems
    compromised by a single person/group/tool. Nothing in the article indicates
    the intrusions were through a common vulnerability or configuration mistake.
    What is their solution? "Fully-patched computers that follow security best
    practices provide the best protection from hacking or other malicious
    software." It reads like an NIPC alert. Vague threat, common symptoms and
    obvious solutions.

    David Byrne
    TIAA-CREF

    -----Original Message-----
    From: Joe Blatz [mailto:sd_wirelessyahoo.com]
    Sent: Friday, September 06, 2002 3:36 PM
    To: Bronek Kozicki; incidentssecurityfocus.com
    Subject: Re: Q328691 ?

    There's been some dicussion at the link below. One
    person says he's been aware of this for a number of
    weeks, and that weak passwords may playing a part.

    http://arstechnica.infopop.net/OpenTopic/page?a=tpc&s=50009562&f=12009443&m=
    6340983235

    --- Bronek Kozicki <brokrubikon.pl> wrote:
    > There seems to be an increase of attacks on Windows
    > recently:
    >
    http://support.microsoft.com/default.aspx?scid=kb;en-us;Q328691
    >
    > Any ideas?
    >
    >
    > B.

    **********************************************************************
    This message, including any attachments, contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, please contact sender immediately by reply e-mail and destroy all copies. You are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited.
    TIAA-CREF
    **********************************************************************

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com