Re: [Full-Disclosure] Removing ShKit Root Kit

[Ron DuFresne <dufresne@winternet.com>]

Hell, if the concern about valid data is nothing, why even restore the OS
and all, just allow the hacker unmitigated access from now till they tire,
or sell your system access to a pal...

>
> It always will depend on the situation. Is throwing away a few million
> transactions acceptible, when it might take a couple of hours or less to
> compare the Oracle user list against a known good list? Should you
> scrutinize each of those millions of transactions that occured between
> compromise and detection to make sure each and every one of them are
> legit? If doing so costs more than it is worth (define as you wish), it
> won't happen, and shouldn't.
>

Not going over the most recent transactions could well cost one, depending
of course on the data stored within.  Say it's a DB of all the purchases
for your new $100 killer app, and at a few million adulterated
transactions, dropping the going price from $100 to say $0.01, what have
you got now, time to file those bankruptcy papers?  Good thing you saved
yourself a few hours!

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html