Microsoft has. It is called SMS. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of The Central Scroutinizer Sent: Sunday, August 22, 2004 7:35 PM To: Mailing List - Full-Disclosure Subject: Re: [Full-Disclosure] The 'good worm' from HP
Would it not be better to have a standard secure backdoor provided by a security package that could downloaded or installed by disk and works hand in hand with port scanning software, if this is really necassary. I am supprised Microsoft have not released such a peice of software; maybe a third party have. Aaron ----- Original Message ----- From: "Todd Towles" <[EMAIL PROTECTED]> To: "joe" <[EMAIL PROTECTED]> Cc: "Mailing List - Full-Disclosure" <[EMAIL PROTECTED]> Sent: Sunday, August 22, 2004 7:15 PM Subject: RE: [Full-Disclosure] The 'good worm' from HP >I hope it is a bad choice of words. He is a VP, should I say more? > > Even if it is a controlled worm that moves around in the internal > network patching computers, it sounds like a very stupid idea. > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of joe > Sent: Sunday, August 22, 2004 8:20 AM > To: Todd Towles; [EMAIL PROTECTED]; > [EMAIL PROTECTED] > Subject: RE: [Full-Disclosure] The 'good worm' from HP > >> Allan is right. I didn't notice people calling it a worm. > > > From the article at InfoWorld... > > <SNIP> > We've been working with (customers) for the last month now," said Tony > Redmond, vice president and chief technology officer with HP Services in > an interview. > <SNIP> > "This is a good worm," said Redmond. "It's turning the techniques (of > the > attackers) back on them." > <SNIP> > > Possibly he used a bad choice of words. > > > > I definitely agree though that you probably shouldn't be "infecting" > machines to patch them. In order to patch through a hole like that you > are running code through that hole and that is the same as infecting in > my book, you just aren't propogating. You could still make the machine > unstable or cause other issues. I think my preference would be something > along the lines of what the NetSquid project is doing mentioned > previously but be more aggressive. Sure have the feed from SNORT to > actively go out and pop the machines currently sending bad traffic, but > also scan for machines that > *could* get infected and shut them down as well. That would be a good > use of this tech HP is working on, simply identify the machines. However > others have done the similar in terms of detection so that wouldn't be > nearly as new and daring. They could do a good thing by making it fully > supported by a big name, stable, quick, and part of an overall framework > for protecting the network environment. > > joe > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Todd Towles > Sent: Saturday, August 21, 2004 8:58 PM > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: RE: [Full-Disclosure] The 'good worm' from HP > > <SNIP> > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html