[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] I Got Hacked. Now What Do I Do?

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] I Got Hacked. Now What Do I Do?
From: "A.H." <adolfohermosin@xxxxxxxx>
Date: Wed, 19 May 2004 14:11:44 +0200

By Jesper M. Johansson, Ph.D., CISSP, MCSE, MCP+I
Security Program Manager
Microsoft Corporation:

You can’t clean a compromised system by using some “vulnerability remover.” Let’s say you had a system hit by Blaster. A number of vendors (including Microsoft) published vulnerability removers for Blaster. Can you trust a system that had Blaster after the tool is run? I wouldn’t. If the system was vulnerable to Blaster, it was also vulnerable to a number of other attacks. Can you guarantee that none of those have been run against it? I didn’t think so.

You can’t trust any data copied from a compromised system. Once an
attacker gets into a system, all the data on it may be modified. In
the best-case scenario, copying data off a compromised system and
putting it on a clean system will give you potentially untrustworthy
data. In the worst-case scenario, you may actually have copied a back
door hidden in the data.

http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx
http://www.vsantivirus.com/derribar-reconstruir.htm


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] I Got Hacked. Now What Do I Do?
  - From: Troels Bay

Prev by Date: [Full-Disclosure] [SECURITY] [DSA 507-1] New cadaver packages fix buffer overflow
Next by Date: [Full-Disclosure] [ GLSA 200405-09 ] ProFTPD Access Control List bypass vulnerability
Previous by thread: [Full-Disclosure] [SECURITY] [DSA 507-1] New cadaver packages fix buffer overflow
Next by thread: Re: [Full-Disclosure] I Got Hacked. Now What Do I Do?
Index(es):
- Date
- Thread