

Security Professionals: Yes we're vulnerable but that vector will never happen - foxhop
http://russell.ballestrini.net/security-professionals-yes-we-appear-vulnerable-but-that-attack-vector-will-never-happen/

======
count
I really don't agree with most of this article.

Scanning of file shares is important. You cannot be sure that every machine on
your network that has access to that file share has the same, running,
correctly configured, up to date, active antivirus application running.

You also can't be sure your UNIX system sharing files to Windows machines (or
other NAS) wasn't compromised and used to seed infected files into shares used
by those Windows machines. If you simply don't use UNIX or NAS systems to run
file shares for Windows domains, you can put AV on the Windows server sharing
the files and have _it_ scan on access, and avoid that 'whole system' scan
issue.

There's a huge difference between 'root' and 'elevated privileges'. Especially
in a Windows environment (which most are these days) - 'Power Users' or other
users granted _elevated privileges_ to do things like 'installing their own
printer drivers', don't have administrative control over the machine or the
domain, but have elevated privileges that can be used to exploit the attack
vector. Such privilege is widely used in large corporate environments, and so
it shouldn't be discounted.

I'm mixed on the topic of fire-walling off known attacker addresses. Sure, it
won't stop anybody willing to put in even tiny effort. It will, however, stop
you from getting nailed because someone forgot to update that wordpress system
they forgot to tell you they were running. If you have perfect CM (hah), sure,
go ahead and ignore the junk scanners on the interwebs. If you have less than
perfect CM, such things may help save your ass in a situation you shouldn't be
in in the first place.

------
kryptn
| If a vulnerability requires root or elevated privileges to occur, don’t
waste your time resolving it. If the attacker already has root, you have
bigger problems on your hands.

Well said. I've never considered it that way.

| No system is perfect.

A perfect system is an unplugged system.

~~~
foxhop
| A perfect system is an unplugged system.

I like that quote, do you recall the owner?

~~~
mtogo
Every security professional ever.

