Re: [Full-disclosure] Security Incident Response Testing To Meet Audit

[Jeffrey Walton <noloader@xxxxxxxxx>]

On Sun, Dec 12, 2010 at 12:02 PM, Jeffrey Walton <noloader@xxxxxxxxx> wrote:
> On Fri, Dec 10, 2010 at 11:52 PM, Charles Polisher <cpolish@xxxxxxxxx> wrote:
>> Adam Behnke wrote:
>>> Hi everyone, InfoSec Institute author Russ McRee has written up an overview
>>> on tools to ensure maximum readiness for incident response teams, including
>>> drill tactics. PCI-DSS audits often require IR testing validation; drill
>>> quarterly and be ready next audit cycle.
>>>
>>> http://resources.infosecinstitute.com/incident-response-and-audit-requirements/
>>>
>>> Please let me know your thoughts.
>>
>>  "Remember that you're playing with binaries that will likely cause
>>   antivirus to fire."
>>
>> I take issue with this statement. Tonight I tested $VENDOR's
>> up-to-date anti-virus against 10 day-old malware samples captured
>> from the wild - the detection rate was abysmal (225/539).
>> Maybe your AV is better than mine.
> Immunet (http://www.immunet.com/) would probably very useful in this
> situation. Think of it a 'distributed antivirus definitions'. If one
> $VENDOR catches it, your machine will most likely catch it since its
> part of the cloud (forgive the cliché).
>
> The company was started by a fellow named Al Huger. I believe he also
> started Bugtraq. When Bugtraq was commercialized by Symantec, Huger
> moved on to Immunet.

>From Kurt Seifried off list:

That is incorrect. Alephone started bugtraq independently. He then was
"acquired" (for lack of a better term, he wasn't a business) by
securityocus.com, of which Alfred Huger was a founder. I remember this
well because at the time we (securityportal.com) were also making
nosies about acquiring bugtraq (which at the time was the hot sh*t in
security lists).

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/