Lessons From the Slammer
Richard Forno, 2003-02-05

January's Slammer infection held valuable lessons for all security stakeholders.

Lessons From the Slammer 2003-02-06
Villy.Madsen@Shaw.ca (1 replies)
Lessons From the Slammer 2003-02-10
Matt Ostiguy
You just needed one host exposed/brought in to infect huge LANs - see (allegedly) MSFT, HP, etc. If an infected laptop was put into hibernation (this particular nasty didn't write anything to disk - it goes away if the machine is power cycled), and brought into a corp and placed behind the firewall, it could then run rampant, regardless of ports being open, so long as the default outbound firewall rules are permissive.

Worrying about what ports are open is a problem - if that is your only defense, what happens when things break down?

Lesson Number Four 2003-02-08
Nicholas Weaver (1 replies)
Lesson Number Four 2003-02-11
Villy.Madsen@shaw.ca
Lessons From the Slammer 2003-02-10
Anonymous







 

Copyright 2009, SecurityFocus