[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Barracuda backdoor

To: Cal Leeming <cal@xxxxxxxxxxxxxxxx>, Full Disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Barracuda backdoor
From: bk <chort0@xxxxxxxxx>
Date: Fri, 29 Apr 2011 10:03:02 -0700

On Apr 29, 2011, at 9:22 AM, Cal Leeming wrote:
> On Fri, Apr 29, 2011 at 4:13 PM, bk <chort0@xxxxxxxxx> wrote:
> On Apr 29, 2011, at 6:11 AM, Cal Leeming wrote:
>> 
>> On Fri, Apr 29, 2011 at 3:30 AM, bk <chort0@xxxxxxxxx> wrote:
>> Everything you have mentioned there are when you have 'leased' a product, so 
>> if the license runs out, of course it's going to terminate those 'leased' 
>> services.
> 
> 
> Actually, no.  I'm really starting to doubt you have any experience what so 
> ever with enterprise products.  Every appliance I've ever heard of or sold 
> personally is sold, as in ownership is transferred.  The physical unit 
> belongs to the party who purchased it.  The continuing fees or subscriptions 
> cover:
> 1.  Support
> 2.  Product updates and patches
> 3.  Updates to anti-spam and anti-virus definitions
> 4.  Other product features that either require infrastructure on the vendor's 
> part, or capabilities that are OEM'd from another vendor and require 
> recurring royalty fees.
> 
> Are you referring to hardware or virtual appliances? Almost everything I have 
> used in an enterprise deployment, has been where the unit was owned outright 
> by the customer, with the license simply being for support.

EIther/both.  In the case of VM, customer generally pays a one-time license for 
the right to run a VM (in perpetuity).  A few were sold based on size of the 
pre-configured VM (disk space, vCPUs, etc), but my understanding is most of 
those are transitioning to a perpetual VM license scheme (due to the obvious 
fact that customers can change the virtual hardware).

If you don't like remote support from vendor, ask them how to disable it.  If 
you don't believe them, block all the egress traffic and look at the firewall 
logs to see where it's sending SYNs.  Almost any product these days needs to 
download updates, but you should be able to tell the difference between 
downloading updates and opening reverse shells.  I don't know of any vendors 
yet who do their shell over HTTPS (although it would make sense if you want it 
to be covert, ssh really stands out).

--
chort

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Barracuda backdoor
  - From: Tõnu Samuel
- Re: [Full-disclosure] Barracuda backdoor
  - From: bk
- Re: [Full-disclosure] Barracuda backdoor
  - From: Cal Leeming
- Re: [Full-disclosure] Barracuda backdoor
  - From: bk
- Re: [Full-disclosure] Barracuda backdoor
  - From: Cal Leeming
- Re: [Full-disclosure] Barracuda backdoor
  - From: bk
- Re: [Full-disclosure] Barracuda backdoor
  - From: Cal Leeming

Prev by Date: Re: [Full-disclosure] Insect Pro - Advisory 2011 0428 - Zero Day - Heap Buffer Overflow in xMatters APClient
Next by Date: [Full-disclosure] Code Execution vulnerability в WordPress
Previous by thread: Re: [Full-disclosure] Barracuda backdoor
Next by thread: [Full-disclosure] hashdays 2011 - Call for Papers (#days CFP)
Index(es):
- Date
- Thread