Re: [Full-disclosure] Getting Off the Patch
Cor Rosielle wrote:
> I don't agree with the statement: "From a security standpoint, patching is better than not patching. Period." Sometimes patching is the right solution, often it is not. Since some asked for experiences from larger companies, here is one:
>
> [snip]
>
> I did not know about the OSSTMM in those days. If I did, I could have explained why patching is not always the best solution: it interferes with your operations. And if it influences your operations, you better control it. Not blindly execute it and install the patch using an automated update process, but actually control it.
>
> [snip]

Here's another factor to consider: with $VENDOR's kit you can't get support unless all the released patches are in place. $VENDOR doesn't field the resources to support n differently patched systems in the field; they're already coping with n different *configurations* of their product. At our shop some vendors are more critical re support than others so there's not a blanket policy. Management would not be amused if $SYSTEM was down but wasn't in a $VENDOR-supported state. This isn't theoretical - it happened, it was ugly, it came with extended downtime.

TL;DR: site patching policy is not always homogeneous.

--
Charles Polisher

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] GNU libc/regcomp(3) Multiple Vulnerabilities
> [ GNU libc/regcomp(3) Multiple Vulnerabilities ]
>
> Author: Maksymilian Arciemowicz
> http://securityreason.com/
> http://cxib.net/
>
> Date:
> - Dis.: 01.10.2010
> - Pub.: 07.01.2011
>
> CERT: VU#912279
> CVE: CVE-2010-4051 CVE-2010-4052
>
> Affected (tested):
> - Ubuntu 10.10
> - Slackware 13
> - Gentoo 18.10.2010
> - FreeBSD 8.1 (grep(1))
> - NetBSD 5.0.2 (grep(1))

Slackware 12.2 is also vulnerable.

--
Charles Polisher
Re: [Full-disclosure] how i stopped worrying and loved the backdoor
BMF wrote:
> Dan Kaminsky <d...@doxpara.com> wrote:
>> Don't we have hardware RNG in most motherboard chipsets nowadays?
>
> Do we? By what mechanism do they operate? Thermal noise seems the easiest way to go although I have always preferred the idea of sampling random radioactive decay simply for the purity of the immediate result. What is the quality of the entropy of the devices you speak of? How fast do they generate entropy? I have heard nothing about this. How could I tell if my machine had hw rng built in?

Some i810 series chipsets have hw rng. There is also the Intel 80802 Firmware Hub chip that nobody seems to use anymore.

> I have heard of people pointing webcams at lava lamps and such to get random numbers.

Check out Markus Jakobsson et al, "A Practical Secure Physical Random Bit Generator", 1998, using the turbulence of airflow inside the drive as the source of randomness. Can't do much better than that.

--
Charles Polisher
Re: [Full-disclosure] Security Incident Response Testing To Meet Audit
Christian Sciberras wrote:
> Just to satisfy my curiosity, but, when was the last AV update performed? One could assume some anti-virus would be up-to-date even if the last update was performed a month or so ago. On the other hand, an anti-virus update usually is done sometimes even several times per day (well, mine does).
>
> Have you tried the binaries on virustotal.com (or equivalent)?

Freshly updated. Five vendors tested now. All dismal. I can't be the only one actually testing? Could it be operator error? Results seem repeatable. I will try more extensive sampling and submissions to VT, Anubis, etc.