Yes, I agree that this is the only option when you do not have the
resources or skills to investigate thoroughly.
Ed <http://blog.eonsec.com>
On Jan 31, 2008 2:15 AM, Jason Stelzer <jason.stelzer (at) gmail (dot) com [email concealed]> wrote:
> All bets are off because there is no way to conclusively prove that a
> compromise stopped at a certain point. Best practice dictates that you
> reimage the box[1]. The issue really is that nobody has complete
> knowledge of everything. Any number of as yet unreported exploits
> could have been used to elevate privileges, for example. I'll go out on
> a limb and claim that various blackhat communities know of exploits
> that vendors and admins are as yet unaware of.
>
> ...