[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] MCSE training question

To: <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] MCSE training question
From: "morning_wood" <se_cur_ity@xxxxxxxxxxx>
Date: Mon, 5 Apr 2004 19:14:18 -0700

>Oh contraire, the first thing we do when we go onsite to work on windows box
>is ask my client to reboot it first, particularly if it is a server, as
>occassionally they they do not come back up, and we do not want to be blamed
>just because the OS is unstable

and you claim to be a security professional?
( Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA )

the first thing would be to sit down at the suspect console and observe.
the second thing would be to... observe.
then i might consider a course of action...
possibly the box in question is instable because of a compromise,
or a worm or a 0day... what about that Curt?
never would i ( or tell anyone ) to just "reboot that box before i touch it"
now i know why fortune 500 companies get horrendous infections.

"shocked and awed"

Donnie Werner
http://exploitlabs.com 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] MCSE training question
  - From: Curt Purdy

Prev by Date: Re: [Full-Disclosure] A sucker is born every day
Next by Date: [Fwd: Re: [Full-Disclosure] MCSE training question]
Previous by thread: Re: [Full-Disclosure] MCSE training question
Next by thread: Re: [Full-Disclosure] Re: [FD] FD should block attachments
Index(es):
- Date
- Thread