[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Sheflug] Re: Security : Port scanning
> -----Original Message-----
> From: Chris J [mailto:cej [at] nightwolf.org.uk]
> Sent: 08 May 2003 11:40
> To: shef-lug [at] list.sheflug.org.uk
> Subject: RE: [Sheflug] Re: Security : Port scanning
>
>
>
> And Lo! Tthe Great Prophet " Morris, David \(Allvac, UK\)"
> uttered these words of wisdom...
> >
> >> Richard wrote:
> >> ...[stuff about bots]...
> >
> > Just out of curiosity, how did you come to that conclusion?
> >
> > (I don't fully understand the methods behind the hijacking
> / spoofing
> > bit, so any info would be useful).
>
>
> There are an increasing number of bots that install
> themselves on peoples machines, usually through social
> engineering (emails like "hi! here's a picture of my kids"
> ... you know the sort of thing). Essentially, it's getting
> the user to unwittingly install the bot in the first place.
That makes sense. I was thinking that it's the sort of thing that would
be difficult without an appropriate trojan of some description.
>
> Once it's installed, then controlling it is trivial in
> comparison, and depends a lot on what sort of firewall is
> stopping communications with the bot.
Agreed.
>
> But as with sex, take sensible precautions and nothing
> untoward will happen :)
Now when was the last time I ran AdAware? :-)
>
> Paranoia's a wonderful thing :)
...and perfectly justified, IMO.
We're just in the middle of preparing a load of stuff for auditors who
will be checking for compliance under the US Sarbanes-Oxley accounting
act (a downside of being US-owned :-), and one the things that crops up
as part of that is security, business continuity, disater recovery etc,
and sufficient security is part of that.
Ah well.
Thanks for the superb summary, Chris.
--
David
___________________________________________________________________
Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html
GNU the choice of a complete generation.