Educause Security Discussion mailing list archives
Re: [unisog] DShield and Symantec report MSBlast in wild
From: Gary Flynn <flynngn () JMU EDU>
Date: Tue, 12 Aug 2003 00:43:23 -0400
Edward W. Ray wrote: > While this is illegal, and no site should be DDoSed off the web, I find the > fact that the worm slams the M$ site rather amusing :) > > So much for Windows 2003 being "Secure by Default." One hopes that all vendors will learn that shipping a system with listening ports these days is foolhardy. You can't get the patches before you get infected/hacked anymore. And I don't just mean Microsoft. Unix's portmapper and related RPC services, NTP, plug-n-play, nothing should be turned on by default that opens a door on the network. BTW, I wonder what lawyers will make of the fact that Microsoft's security bulletin says: "RPC over UDP or TCP is not intended to be used in hostile environments such as the Internet" And it was shipped that way why? Is it time for a product recall of all defective CDs from registered owners and the supply chain? Otherwise, consumers go out and buy a new PC or OS CD, take it home, and promptly get infected. -- Gary Flynn Security Engineer - Technical Services James Madison University Please R.U.N.S.A.F.E. http://www.jmu.edu/computing/runsafe ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Re: [unisog] DShield and Symantec report MSBlast in wild Gary Flynn (Aug 11)
- <Possible follow-ups>
- Re: [unisog] DShield and Symantec report MSBlast in wild Gary Flynn (Aug 11)