I learned the hard way that exploits can occur very rapidly once the exploit is announced. I was administering a Unix server and a particular IMAP exploit was announced. Being relatively new to server admin, I didn't do anything about it for a couple of days. Within the first week, the server had been exploited. I happen to be logged on when the exploit occurred so I was able to respond quickly and get it offline. I've since learned to install patches with high vulnerability quickly. I'm still reluctant to install certain Microsoft patches because they sometimes break things but it's either face that risk or a potential attack. Greg on 1/8/02 3:53 PM, leon at leonat_private wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi everyone, > > I have been reading this list for a couple of years now and I just > got done reading hacker's challenge. Great book (hi to everyone who > contributed and reads this list, I know David D is one of them). The > book is quite unique in how it goes about presenting itself. > Basically it is 20 challenges (here is what happened, here are the > logs, and here are some questions). At the end of the book are the > solutions (how a security professional figured out xy and most > importantly z). The reason I wrote the subject heading as I did is > because throughout the book they show case after case of remote > exploit all for vulns that are months old. On this list and the sec > basics I constantly (relative I know) hear people talking about being > compromised by vulns that patches have been available for, for > months. So I ask upon you incidents list (ye who have SO MUCH more > experience then I) do systems being compromised by zero day exploits > really happen (I am sure they happen but I am really curious as to > the frequency and how a professional goes about dealing with a never > seen before exploit.) Just figured I would throw that out there and > see how everyone responds because I was thinking about it on the walk > home (hey, shoot me, it is cold in nyc, gotta do something to keep > from freezing). > > Cheers & TIA, > > Leon -- Greg Francis Sr. System Administrator Gonzaga University francisat_private 509-323-6896 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jan 08 2002 - 21:39:00 PST