TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
Steve,
X-Force has been doing alot more than just pure security research.
It maintains a vulnerability and threat database of all known security
issues. Alot of effort is put into keeping it upto date, and there is alot
of concentrated effort on detailing not just the issue itself, but more
importantly how to fix it.
X-Force also takes a lot of the vulnerabilities and threats and creates
algorithms to detect these issues. The detection algorithnms get
incorporated into X-Press Updates for our products. We have been ramping up
the X-Press updates to rapidly help customers deal with the latest issues as
quickly as possible. For routine updating, we typically are doing it
atleast once a month, and for major issues, X-Force releases emergency
updates.
One thing X-Force is starting to do that is unique in the security industry
is taking the X-Press Updates and placing the new detection algorithms
within our managed security services (MSS) environment as beta before
release. MSS is managing and monitoring the security of over 2000
customers, so we get to see many different environments. By placing the
beta X-Press Update in MSS, we are able to tweak and optimize the algorithms
for network traffic that might not be seen in the lab, and significantly
reducing the number of false positives within our updates before going out
to our main customer base.
ISS X-Force and ISS consulting is actually spending alot of time doing new
research in the area of applications and wireless. Based on these areas,
ISS Consulting is developing a security methodology around these two areas.
ISS Consulting is actually taking alot of the skillsets that we have
developed in X-Force for identifying issues and applying them with our
customers, especially in the area of security assessments and penetration
testing. By leveraging the X-Force skills, our ISS Consulting group has
developed some of the best security skills in the industry. I mention our
ISS Consulting group only because most people do not realize we have a group
geared towards helping do assessments, design security policy &
architecture, deployments, and emergency responses. By applying X-Force and
Consulting together, researching application and wireless areas, we get some
unique leverage in our research. This is very exciting for us.
X-Force research focus in the end is to help our ISS customers. As we
publish about security issues, we label ISS Advisories as original X-Force
work where we have discovered new security issues, and we label ISS Alerts
as items that we did not discover, but thought was important for our
customers to be aware of, and typically include information on how our
solution solves these security issues.
Steve, based on your resume on your web site, which indicate you work for
Bindview Razor, a competitor to ISS, I doubt any of X-Force research is
really useful to you. While the X-Force work does not benefit you, I'm sure
it helps our customers. ISS Forum was create to share information on how to
use our solutions. If you have anything useful to add to our ISS Forum
mailing list, please follow the guidelines. Otherwise, please post your
opinions on your own mailing list.
> -----Original Message-----
> From: Steve [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, March 17, 2001 12:30 PM
>
> That is my point, thank you. It was a news item, not a
> vulnerability worthy
> of a X-Force Alert. Bottom line, there was a time that the
> X-Force was a
> respected research team that routinely discovered and reported new
> vulnerabilities. Now, they simply grab onto stuff that isn't
> original and
> attempt to make the news with it. Do they even have any
> skilled people left
> on X-Force? From the quality of the work coming out of them, it is
> doubtful.
>
> Its unfortunate that the X-Force seems to be more of a
> marketing team than a
> research team these days.
>
>
>
> -----Original Message-----
> From: Pete Duffin [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, March 17, 2001 8:43 AM
> To: 'Steve'; Lindley, Jim (ISSAtlanta); Sid Witzer; Mike Peterson
> Cc: issforum
> Subject: RE: Subseven 2.2 Release
>
>
> Umm, SecurityFocus.com. posted an alert as well. What's your point.
> -----Original Message-----
> From: Steve [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 16, 2001 8:33 PM
> To: Lindley, Jim (ISSAtlanta); Sid Witzer; Mike Peterson
> Cc: issforum
> Subject: RE: Subseven 2.2 Release
>
>
>
> TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of
> your message to
> [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
> problems!
> --------------------------------------------------------------
> --------------
> So why the media-hype advisory?
> 1.) X-Force did not create SubSeven
> 2.) X-Force did not discover SubSeven
> 3.) Should advisories from so-called research groups not
> contain new
> discoveries and new research?
> What next? Is the X-Force going to release an advisory on
> every script
> kiddie tool out there? Oh wait, I just saw the one on STICK
> so I guess so.
> Why not do something new and original?
> If I wanted the news, I would surf over to SecurityFocus.com.
>
>
>
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Lindley, Jim (ISSAtlanta)
> > Sent: Tuesday, March 13, 2001 3:46 PM
> > To: 'Steve'; Sid Witzer; Mike Peterson
> > Cc: [EMAIL PROTECTED]
> > Subject: RE: Subseven 2.2 Release
> >
> >
> >
> > TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your
> > message to
> > [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with
> > any problems!
> > ------------------------------------------------------------------
> > ----------
> >
> > There was, however, a new release with new functionality.
> The description
> > of that new functionality is the apparent point of the new
> alert. But the
> > new functionality does not obviate the SubSeven 2.x detect
> in RealSecure.
> >
> > Jim Lindley
> >
> > -----Original Message-----
> > From: Steve [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, March 13, 2001 5:39 PM
> > To: Lindley, Jim (ISSAtlanta); Sid Witzer; Mike Peterson
> > Cc: [EMAIL PROTECTED]
> > Subject: RE: Subseven 2.2 Release
> >
> >
> > That is exactly my point. There is no new vulnerability
> yet there was an
> > X-Force alert on it.
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> > > Lindley, Jim (ISSAtlanta)
> > > Sent: Tuesday, March 13, 2001 2:01 PM
> > > To: 'Steve'; Sid Witzer; Mike Peterson
> > > Cc: [EMAIL PROTECTED]
> > > Subject: RE: Subseven 2.2 Release
> > >
> > >
> > >
> > > TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your
> > > message to
> > > [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with
> > > any problems!
> > > ------------------------------------------------------------------
> > > ----------
> > >
> > > What new vulnerability? SubSeven 2.2 detection has been in
> > > RealSecure since
> > > June 2000.
> > >
> > >
> > > James R Lindley
> > > Global Operations Training Manager
> > > Managed Security Services
> > > Internet Security Systems Inc.
> > > 6303 Barfield Road
> > > Atlanta GA 30328
> > > 404-236-3009
> > > An unquenchable thirst for Pierian waters
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: Steve [mailto:[EMAIL PROTECTED]]
> > > Sent: Monday, March 12, 2001 11:13 PM
> > > To: Sid Witzer; Mike Peterson
> > > Cc: [EMAIL PROTECTED]
> > > Subject: RE: Subseven 2.2 Release
> > >
> > >
> > >
> > > TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your
> > > message to
> > > [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for
> help with any
> > > problems!
> > > ------------------------------------------------------------------
> > > ----------
> > >
> > > SubSeven is a program that is very similar to Back
> Orffice or Netbus.
> > >
> > > As far as its relationship to ISS, there isn't one except for the
> > > fact that
> > > X-Force specializes in releasing alerts on the obvious and seems
> > > to have an
> > > issue finding new vulnerabilities to report. Its really too
> > bad, as they
> > > used to be a respected research organization.
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> > > Sid Witzer
> > > Sent: Monday, March 12, 2001 5:55 PM
> > > To: Mike Peterson
> > > Cc: [EMAIL PROTECTED]
> > > Subject: Re: Subseven 2.2 Release
> > >
> > >
> > >
> > > What is Subseven 2.2 ? and what is your relationship to ISS?
> > >
> > >
> > > Mike Peterson wrote:
> > >
> > > > TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of
> > > your message to
> > > > [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with
> > > any problems!
> > > >
> > > ------------------------------------------------------------------
> > > ----------
> > > >
> > > > FYI - SubSeven 2.2 has been released.
> > > >
> > > > http://www.tlsecurity.net/backdoor/Subseven.2.2.html
> > > >
> > > > __________________________________________________
> > > > Do You Yahoo!?
> > > > Yahoo! Auctions - Buy the things you want at great prices.
> > > > http://auctions.yahoo.com/
> > >
> > > --
> > > Regards,
> > > Sid Witzer
> > > Citigroup/CGTI/GSO/DCRM/High Availability Systems
> > >
> > > Voice: 201-601-7452
> > > Pager: 800-Page-mci
> > > pin: 1670629
> > > Cell: 917-679-3896
> > > Fax: 201-601-5680
> > >
> > >
> >
> >
> >
>
>
>
