RE: !SPAM! RE: [Full-Disclosure] The 'good worm' from HP

2004-08-24 Thread Yaakov Yehudi



Yes it can. See the docs.


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of The Central Scroutinizer
Sent: Monday, August 23, 2004 16:29
To: [EMAIL PROTECTED]
Subject: !SPAM! RE: [Full-Disclosure] The 'good worm' from HP

It's called WindowsUpdate? That cannot be used locally/internally by an 
organization.

Aaron



Re: [Full-Disclosure] The 'good worm' from HP

2004-08-23 Thread stephane nasdrovisky
The Central Scroutinizer wrote:
> Would it not be better to have a standard secure backdoor provided by 
> a security package that could be downloaded or installed by disk and 
> works hand in hand with port scanning software, if this is really 
> necessary. I am surprised Microsoft have not released such a piece of 
> software; maybe a third party have.

There is a known backdoor on every modern system: the 
administrator/root/whatever account.
Sysinternals (and others) have a tool which allows remote execution on 
windows nt/2k/xp (*)... could be a solution (we used it to install ie 6 
and thunderbird x.y.z), ssh or even rsh exists for most unix variants.
We once used symantec's av remote management console (named: ???, the 
current version is not smart enough for this) to install things like 
netscape browser and making sure some registry files were as we 
wanted... it's again a windows nt/2k/xp 'feature', for unixes, ssh or rsh 
(or is it rexec?) are still available.

*: one such tool adds a scheduled task and makes sure the task 
scheduler is running.

> Even if it is a controlled worm that moves around in the internal
> network patching computers, it sounds like a very stupid idea.
> I hope it is a bad choice of words. He is a VP, should I say more?

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Re: [Full-Disclosure] The 'good worm' from HP

2004-08-23 Thread Bart . Lansing
I'm fairly sure I disagree with you, Nick.  I don't believe we need 
Bontchev's paper in hand or head to discuss whether or not 
self-replicating, active, beneficial code is a good idea or not. Contrary 
to the tone of some of your posts, many of us are fairly bright, 
reasonably well educated, and capable of forming our own opinions without 
someone else framing the debate for us.  In fact, Bontchev's thoughts on 
constructing/distributing a beneficial virus come down, in the end, to 
just being a publish and subscribe software distribution method...hardly 
revolutionary or ground-breaking even when he wrote it.

As relates specifically to HP/Active Countermeasures, however:

HP is looking to market/deploy this as a managed tool, most likely as a 
bolt on to OpenView, not unleash it on the net...more to the point, it 
is not viral (as described, in fact, in Bontchev's paper...so let's not 
quibble about that definition).  As a managed systems tool, confined to 
pre-defined systems, it matters not a whit what Bontchev's paper has to 
say.  If it's a functional, efficient tool to assist in keeping systems 
secure and patched it's going to be used.  In the case of this specific 
product, I think that several posters here need to do a little more 
research into the product.  It's a scanner, based on reported/compiled 
vulnerabilities, coupled with some rules-based capabilities such as taking 
a machine off a network, forcing patches, etc.  I think too many people 
here (and elsewhere) heard the term good worm and leapt to a series of 
conclusions so quickly that they never bothered to find out what it was 
that they were talking about.

Bart Lansing
Manager, Desktop Services
Kohl's IT






RE: [Full-Disclosure] The 'good worm' from HP

2004-08-23 Thread Todd Towles
Microsoft has. It is called SMS. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of The Central
Scroutinizer
Sent: Sunday, August 22, 2004 7:35 PM
To: Mailing List - Full-Disclosure
Subject: Re: [Full-Disclosure] The 'good worm' from HP

Would it not be better to have a standard secure backdoor provided by a
security package that could be downloaded or installed by disk and works
hand in hand with port scanning software, if this is really necessary. I
am surprised Microsoft have not released such a piece of software; maybe
a third party have.

Aaron



Re: [Full-Disclosure] The 'good worm' from HP

2004-08-23 Thread Valdis . Kletnieks
On Mon, 23 Aug 2004 01:34:32 BST, The Central Scroutinizer said:
> Would it not be better to have a standard secure backdoor provided by a 
> security package that could be downloaded or installed by disk and works hand 
> in hand with port scanning software, if this is really necessary. I am

No, it would not be a good idea.

> surprised Microsoft have not released such a piece of software; maybe a 
> third party have.

Many third parties have done so, going all the way back to BackOrifice.

Think it through - there's 2 basic possibilities:

1) The machine is a Windows machine that's centrally administered and
controlled via Active Directory or similar system, as in many corporate
environments. In the AD world, it's well understood how to push fixes via Group
Policy, and other central-management schemes already have their own schemes for
doing it (even if it's a 'for i in `cat boxes.to.update`; do ssh $i...').
So in these environments, you don't need a backdoor.

2) The box isn't a member of an Active Directory or other similar
distributed-management scheme.  In this case, you don't want a back
door, because you have no sane way to validate who's doing the push of
software.  So you can't securely use a backdoor.





RE: [Full-Disclosure] The 'good worm' from HP

2004-08-22 Thread joe
 Allan is right. I didn't notice people calling it a worm. 


From the article at InfoWorld...

SNIP
We've been working with (customers) for the last month now, said Tony
Redmond, vice president and chief technology officer with HP Services in an
interview. 
SNIP
This is a good worm, said Redmond. It's turning the techniques (of the
attackers) back on them.
SNIP

Possibly he used a bad choice of words. 



I definitely agree though that you probably shouldn't be infecting
machines to patch them. In order to patch through a hole like that you are
running code through that hole and that is the same as infecting in my book,
you just aren't propagating. You could still make the machine unstable or
cause other issues. I think my preference would be something along the lines
of what the NetSquid project is doing mentioned previously but be more
aggressive. Sure have the feed from SNORT to actively go out and pop the
machines currently sending bad traffic, but also scan for machines that
*could* get infected and shut them down as well. That would be a good use of
this tech HP is working on, simply identify the machines. However others
have done the similar in terms of detection so that wouldn't be nearly as
new and daring. They could do a good thing by making it fully supported by a
big name, stable, quick, and part of an overall framework for protecting the
network environment. 

  joe

 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Todd Towles
Sent: Saturday, August 21, 2004 8:58 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] The 'good worm' from HP

SNIP



RE: [Full-Disclosure] The 'good worm' from HP

2004-08-22 Thread Todd Towles
I hope it is a bad choice of words. He is a VP, should I say more? 

Even if it is a controlled worm that moves around in the internal
network patching computers, it sounds like a very stupid idea. 



Re: [Full-Disclosure] The 'good worm' from HP

2004-08-22 Thread The Central Scroutinizer
Would it not be better to have a standard secure backdoor provided by a 
security package that could be downloaded or installed by disk and works hand 
in hand with port scanning software, if this is really necessary. I am 
surprised Microsoft have not released such a piece of software; maybe a 
third party have.

Aaron


RE: [Full-Disclosure] The 'good worm' from HP

2004-08-21 Thread Nick FitzGerald
Todd Towles wrote:

> Yeah I remember first hearing about that in the Patch Management
> circles. Does sound like a good idea. Anyone that has been over patch
> management can tell you that patches break stuff. Now software will
> automatically break software with software patches. =) Interesting. 

And, aside from the Are 'Good' Viruses Still a Bad Idea? issues, some 
historical precedent suggests that this is a hard set of problems to fix.  
In the earliest (?) academic/commercial research into worm-like 
behaviour, where the intention was purely to better utilize the 
resources of the individual machines in a network, to perform 
housekeeping tasks on said machines out of hours and so on, things went 
awry and the project was abandoned.  IIRC, that work was by Shoch & 
Hupp at XEROX PARC in the early 80's and is widely cited in some 
circles...


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854



RE: [Full-Disclosure] The 'good worm' from HP

2004-08-21 Thread fulldisclosure
 

I really don't KNOW what HP is doing, but I would assume that it's
just a 'product' and not a worm. Meaning, you can probably setup 1
system on your network that scans a specified range (for example only
your workstations if you're worried about your servers getting
autopatched). So any machines that are somehow not picked up by your
normal patch management system (maybe it's not a member of your
domain ..) will still get patched. I also assume they will not
'infect' any machines to use them to scan further (ie worm
behaviour). I'm not saying this is all good or bad, but I was reading
this thread and it seems you are all expecting HP to just let this
loose on the internet.

Allan


[snip]

I hope the HP folk have read it and thought very carefully about all 
this...  (Sadly the media reports are too light and fluffy to make 
anything sensible of what HP is really proposing.)
[/snip]



-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854



Re: [Full-Disclosure] The 'good worm' from HP

2004-08-21 Thread michael williamson
There are much better alternatives to using exploit code to install
patches.  The security folk at TAMU have come up with an in-line
network sniffer that automagically blocks infected machines and notifies
them via an internal webserver of their infection.  After a set time it
allows them back on.  (clever...motivates _user_ to clean/patch)

http://netsquid.tamu.edu/

This is a _lot_ more responsible than running exploit code of any sort,
even for a good purpose.  I admin one particular windows server that I
must actually wait for vendor approval before applying any hotfixes.  
I'd be extremely pissed if some do-gooder net admin tried to patch my
box via sploit code and ended up breaking it.  (it is that fickle)

-Michael
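
The block, notify and timed-release cycle described in the message above, as an added Python example; it is not part of the original post and is not NetSquid's code. The alert line format, the `Quarantine` class and the rule that a repeat alert restarts the hold timer are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed, simplified alert format (an assumption, not a real IDS log):
#   <epoch seconds> [**] <message> [**] {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"^(?P<ts>\d+)\s+\[\*\*\]\s+(?P<msg>.+?)\s+\[\*\*\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?$"
)

# Constructed sample input: two alerts from an internal host, one from an
# outside host, and one line that is not an alert at all.
SAMPLE_ALERTS = [
    "1000 [**] Worm propagation attempt [**] {TCP} 10.1.2.3:4444 -> 198.51.100.7:445",
    "1010 [**] Worm propagation attempt [**] {TCP} 203.0.113.9:4444 -> 10.1.2.50:445",
    "1020 [**] Worm propagation attempt [**] {TCP} 10.1.2.3:4445 -> 198.51.100.8:445",
    "garbled line that is not an alert",
]


class Quarantine:
    """Tracks which managed hosts are blocked and when each is let back on."""

    def __init__(self, managed_net, hold_seconds):
        self.managed_net = ipaddress.ip_network(managed_net)
        self.hold_seconds = hold_seconds
        self.release_at = {}  # ip string -> epoch second of release
        self.reason = {}      # ip string -> alert message shown to the user

    def ingest(self, line):
        """Process one alert line; return the quarantined IP or None."""
        m = ALERT_RE.match(line.strip())
        if not m:
            return None  # unparseable input must never block a host
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            return None
        # Only hosts on the managed network are blocked: the in-line device
        # has no authority over outside sources and no way to notify them.
        if src not in self.managed_net:
            return None
        ip = str(src)
        # Assumption: a repeat alert restarts the hold timer, so a host that
        # is still emitting bad traffic is not released on schedule.
        self.release_at[ip] = int(m["ts"]) + self.hold_seconds
        self.reason[ip] = m["msg"]
        return ip

    def decision(self, ip, now):
        """Return 'notice' while the host is held, otherwise 'forward'."""
        release = self.release_at.get(ip)
        if release is None:
            return "forward"
        if now < release:
            return "notice"  # serve the internal notification page instead
        # Hold time has elapsed: drop the entry and let the host back on.
        del self.release_at[ip]
        self.reason.pop(ip, None)
        return "forward"

    def notice_text(self, ip):
        """Text for the internal web page shown to a held host."""
        if ip not in self.release_at:
            return ""
        return (
            f"{ip} is blocked until t={self.release_at[ip]}: "
            f"{self.reason[ip]}. Clean and patch the machine."
        )


def build_sample(hold_seconds=3600):
    """Feed the constructed alerts through a quarantine for 10.0.0.0/8."""
    q = Quarantine("10.0.0.0/8", hold_seconds)
    results = [q.ingest(line) for line in SAMPLE_ALERTS]
    return q, results


if __name__ == "__main__":
    q, results = build_sample()
    print(results)
    print(q.notice_text("10.1.2.3"))
    print(q.decision("10.1.2.3", 1500), q.decision("10.1.2.3", 4620))
```

Nothing here runs code on the held machine; the only action is withholding forwarding until the timer expires.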



Re: [Full-Disclosure] The 'good worm' from HP

2004-08-21 Thread Maarten
On Saturday 21 August 2004 16:00, michael williamson wrote:

> This is a _lot_ more responsible than running exploit code of any sort,
> even for a good purpose.  I admin one particular windows server that I
> must actually wait for vendor approval before applying any hotfixes.
> I'd be extremely pissed if some do-gooder net admin tried to patch my
> box via sploit code and ended up breaking it.  (it is that fickle)

Except that the scenario you describe isn't near complete.  What will happen 
is either it will get attacked by a benign worm (possibly breaking something) 
or a malicious worm (definitely breaking something) only a short while later.
Which would you prefer then?

I think it is _your_ responsibility to shield your box from the internet (AND 
the internet from your box) if it is that fickle and that important to you.  
Otherwise, all bets are off.  I.e. to stay with the human virus analogy: 
you'll be hospitalized against your will cause you pose a health risk.

Maarten



Re: [Full-Disclosure] The 'good worm' from HP

2004-08-21 Thread michael williamson

> Except that the scenario you describe isn't near complete.  What will happen 
> is either it will get attacked by a benign worm (possibly breaking something) 
> or a malicious worm (definitely breaking something) only a short while later.
> Which would you prefer then?

I'd prefer to not have to deal with systems built on a house of cards, but
sometimes that's just not avoidable nor realistic.   I can't deal with
too much downtime either. 

> I think it is _your_ responsibility to shield your box from the internet

the box _is_ fairly well shielded. 

> if it is that fickle and that important to you.  

I'm really wanting to phase this P.O.S. out, but I will mention this sort
of crap is not that uncommon of turnkey solutions in the windows
world. 



RE: [Full-Disclosure] The 'good worm' from HP

2004-08-21 Thread Todd Towles
Allan is right. I didn't notice people calling it a worm. It is supposed
to be a patch management product that will actually use the exploit hole
to patch the box. It is a controlled problem and should be used only on
computers controlled by the corporation that owns the software.

But is it still a good idea...I don't think so. Exploiting stuff
sometimes crashes systems and could corrupt stuff. Why do it that way,
when you could just apply a patch directly? 



RE: [Full-Disclosure] The 'good worm' from HP

2004-08-20 Thread Todd Towles
Yeah I remember first hearing about that in the Patch Management
circles. Does sound like a good idea. Anyone that has been over patch
management can tell you that patches break stuff. Now software will
automatically break software with software patches. =) Interesting. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of KF_lists
Sent: Friday, August 20, 2004 12:39 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] The 'good worm' from HP

This is cute...
http://p2pnet.net/story/2182

-KF



Re: [Full-Disclosure] The 'good worm' from HP

2004-08-20 Thread Maarten
On Friday 20 August 2004 19:38, KF_lists wrote:
> This is cute...
> http://p2pnet.net/story/2182

Stuff like counter-attacking has been discussed often, whether in large open 
forums such as FD or in more private circles.  Mostly, people were too 
concerned to open themselves up for huge lawsuits and/or for prosecution 
even, but now that an important influential company like HP is suggesting 
(building) it, this may well signify an important shift in the fight against 
malware.  I, for one, welcome the initiative...

Maarten  

> -KF

-- 
Yes of course I'm sure it's the red cable. I guarante[^%!/+)F#0c|'NO CARRIER



Re: [Full-Disclosure] The 'good worm' from HP

2004-08-20 Thread Florian Weimer
> Stuff like counter-attacking has been discussed often,

This isn't necessarily counter-attacking.  Most operators of large,
decentralized networks who have some say on what's running on the
machines (e.g. operators of educational or corporate networks) follow
some process that detects compromised machines based on anomalous
network activity, takes care of malware removal, and tries to ensure
that the machine has up-to-date patches.  These processes could surely
benefit from some automation.

There are quite a few products in this area, but all which I've heard
of so far completely lack integration with existing trouble ticketing
frameworks, which makes them rather pointless because you don't want to
throw away your existing processes.



Re: [Full-Disclosure] The 'good worm' from HP

2004-08-20 Thread Jesse Valentin
That's pretty funny.. didn't someone else release a worm like that some
time ago? The worm previously released downloaded a patch from Microsoft
to vulnerable machines, but I think these types of things create their
own little DoS attacks when they get transmitted to offices with a less
than desired Internet Connection. I don't think they're going to equip
this thing with any type of intelligence to monitor Internet connection
speeds or network bandwidth.. in view of this, I think this would just
get classified into another threat.

KF_lists [EMAIL PROTECTED] wrote:
> This is cute...
> http://p2pnet.net/story/2182
>
> -KF

Re: [Full-Disclosure] The 'good worm' from HP

2004-08-20 Thread Jesse Valentin
That's pretty funny.. didn't someone else release a worm like that some
time ago? The worm previously released downloaded a patch from Microsoft
to vulnerable machines, but I think these types of things create their
own little DoS attacks when they get transmitted to offices with a less
than desired Internet Connection. I don't think they're going to equip
this thing with any type of intelligence to monitor Internet connection
speeds or network bandwidth.. in view of this, I think this would
probably just get classified into another threat.

- JV

KF_lists [EMAIL PROTECTED] wrote:
> This is cute...
> http://p2pnet.net/story/2182
>
> -KF

Re: [Full-Disclosure] The 'good worm' from HP

2004-08-20 Thread Valdis . Kletnieks
On Fri, 20 Aug 2004 19:55:51 +0200, Maarten said:

> Stuff like counter-attacking has been discussed often, whether in large open 
> forums such as FD or in more private circles.  Mostly, people were too 
> concerned to open themselves up for huge lawsuits and/or for prosecution 
> even, but now that an important influential company like HP is suggesting 
> (building) it, this may well signify an important shift in the fight against
> malware.  I, for one, welcome the initiative...

Hmm.. a Magic Worm that goes around and fixes everything and makes it all
better... just what we need.  It's also the perfect cover to get Magic Lantern
onto 90% of the boxes out there.

Remember - it's not tin-foil paranoia when They have already come out
and *said* They want to do it... ;)




Re: [Full-Disclosure] The 'good worm' from HP

2004-08-20 Thread Maarten
On Friday 20 August 2004 21:57, [EMAIL PROTECTED] wrote:
> On Fri, 20 Aug 2004 19:55:51 +0200, Maarten said:
> > Stuff like counter-attacking has been discussed often, whether in large
> > open forums such as FD or in more private circles.  Mostly, people were
> > too concerned to open themselves up for huge lawsuits and/or for
> > prosecution even, but now that an important influential company like HP
> > is suggesting (building) it, this may well signify an important shift in
> > the fight against malware.  I, for one, welcome the initiative...
>
> Hmm.. a Magic Worm that goes around and fixes everything and makes it all
> better... just what we need.  It's also the perfect cover to get Magic
> Lantern onto 90% of the boxes out there.
>
> Remember - it's not tin-foil paranoia when They have already come out
> and *said* They want to do it... ;)

True.  But then again, those who want to infect us with magic lantern type 
thingies don't necessarily need a 'benign' worm to infect us.  In fact, if 
they really wanted, they'd probably already infected us through other means.
(And note that I'm not saying they didn't...) 

Maarten

-- 
Yes of course I'm sure it's the red cable. I guarante[^%!/+)F#0c|'NO CARRIER



Re: [Full-Disclosure] The 'good worm' from HP

2004-08-20 Thread Nick FitzGerald
Maarten wrote:

> Stuff like counter-attacking has been discussed often, whether in large open 
> forums such as FD or in more private circles.  Mostly, people were too 
> concerned to open themselves up for huge lawsuits and/or for prosecution 
> even, but now that an important influential company like HP is suggesting 
> (building) it, this may well signify an important shift in the fight against 
> malware.  I, for one, welcome the initiative...

You need to read Vesselin Bontchev's classic Are 'Good' Viruses Still 
a Bad Idea? paper before you can even begin to enter this debate.  And 
if you think the age of that paper automatically disbars it from 
contemporary discussion, the reason there are no more recent papers 
worth reading is because no-one has meaningfully challenged Bontchev's 
position since that paper was written.

I hope the HP folk have read it and thought very carefully about all 
this...  (Sadly the media reports are too light and fluffy to make 
anything sensible of what HP is really proposing.)


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
