[Dailydave] NSRL status check
Lance Spitzner
lance at honeynet.org
Tue Dec 12 09:58:35 EST 2006
> The way I read it, the most recent release was made October 2006:
> http://www.nsrl.nist.gov/Downloads.htm#isos
>
>> On the face of it such a list seems useful in forensic situations
>> at least.
>
> Indeed. Most commercial forensic software comes with instructions on
> how to use NSRL RDS with the software.
When I used to work for Sun on incident response, Sun maintained an
MD5 repository (and they may still do so today) of all the known
binaries released by Sun. The idea was, you could do an automated
check on a system, looking for Sun binaries that did not match any
known signatures. Based on this model, an easy way to create a
backdoor would be to simply replace a current binary/file with
another known/valid file, but one that is much older and with known
vulnerabilities.
lance
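
Added example, not part of the original post: a sketch of a known-hash check that also flags the case described above, where a file matches a valid vendor hash but belongs to an older release than the host should have. The release list, file contents, versions and the EXPECTED patch-level table are all constructed for illustration; MD5 is used only because the post describes an MD5 repository.

```python
import hashlib
from collections import defaultdict

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

# Constructed sample "vendor releases": (path, version, file contents).
RELEASES = [
    ("/usr/bin/login", "1.0", b"login build 1.0 (constructed)"),
    ("/usr/bin/login", "1.2", b"login build 1.2 (constructed)"),
    ("/usr/bin/ls", "1.2", b"ls build 1.2 (constructed)"),
]

# Known-file repository: md5 -> set of (path, version) that shipped it.
KNOWN = defaultdict(set)
for _path, _ver, _body in RELEASES:
    KNOWN[md5_hex(_body)].add((_path, _ver))

# Hypothetical record of which version each path should be at on this host.
EXPECTED = {"/usr/bin/login": "1.2", "/usr/bin/ls": "1.2"}

def classify(path: str, data: bytes) -> str:
    """Compare one file against the repository and the expected version."""
    hits = KNOWN.get(md5_hex(data))
    if not hits:
        return "unknown"           # what a plain hash check already reports
    if (path, EXPECTED.get(path)) in hits:
        return "current"
    if any(p == path for p, _ in hits):
        return "known-stale"       # valid vendor hash, but an older release
    return "known-wrong-path"      # valid vendor file sitting under another name

def audit(files: dict) -> dict:
    """files maps path -> contents; returns verdicts for non-current files."""
    verdicts = {p: classify(p, d) for p, d in files.items()}
    return {p: v for p, v in verdicts.items() if v != "current"}

if __name__ == "__main__":
    host = {  # constructed host state: login has been swapped for build 1.0
        "/usr/bin/login": b"login build 1.0 (constructed)",
        "/usr/bin/ls": b"ls build 1.2 (constructed)",
    }
    for path, verdict in sorted(audit(host).items()):
        print(path, verdict)
```

A check that only asks "is this hash in the repository?" would pass the swapped login binary; tying each hash to a path and the expected version is what surfaces it.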