Firewall Wizards mailing list archives
Re: The Morris worm to Nimda, how little we've learned or gained
From: Ryan Russell <ryan () securityfocus com>
Date: Fri, 4 Jan 2002 20:21:36 -0700 (MST)
On Thu, 3 Jan 2002, Richard Johnson wrote:
Some organizations have made progress on #3. Outlook and Outlook Express came close to being banned at ucar.edu due to the severe time drain caused by always having to clean up after the latest Outlook-enabled virus. Sadly, the entrenched convenience argument was used in conjunction with the lack of enforceability cop-out to water the ban idea down to a "we disrecommend the use of Outlook and Outlook Express."
Note that is a pretty poor excuse (the unenforcability part.) Every mail client announces what is is every time mail is sent. Use your favorite NIDS to RST the connections and/or correlate them to usernames when they use the same IP to get POP/IMAP mail. I'm not faulting you... I'm faulting people who assuming something is a social problem when there's a dandy technical solution. (Or I just misunderstand the problem... there is a risk just having Outlook/OE installed, even if you don't use it. I don't think you can take it off nowadays without going to a lot of trouble to make a Windows Lite.) Ryan _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: The Morris worm to Nimda, how little we've learned or gained Marcus J. Ranum (Jan 03)
- Re: The Morris worm to Nimda, how little we've learned or gained Paul D. Robertson (Jan 04)
- Re: The Morris worm to Nimda, how little we've learned or gained Richard Johnson (Jan 04)
- Re: The Morris worm to Nimda, how little we've learned or gained Ryan Russell (Jan 05)
- Re: The Morris worm to Nimda, how little we've learned or gained Frederick M Avolio (Jan 04)
- Re: The Morris worm to Nimda, how little we've learned or gained Adam Shostack (Jan 04)
- RE: The Morris worm to Nimda, how little we've learned or gained robert_david_graham (Jan 04)
- RE: The Morris worm to Nimda, how little we've learned or gained Ryan Russell (Jan 05)
- OT: Re: The Morris worm to Nimda, how little we've learned or gained Roelof JT Jonkman (Jan 05)
- Re: OT: Re: The Morris worm to Nimda, how little we've learned or gained H. Morrow Long (Jan 06)
- Host Based Packet Filters (was: OT: The Morris worm to Nimda, how little we've learned or gained) Robin S. Socha (Jan 06)
- safety of unidirectional NT trusts hermit921 (Jan 15)
- Re: safety of unidirectional NT trusts Jonas Anden (Jan 16)
- Re: safety of unidirectional NT trusts S. Jonah Pressman (Jan 17)
(Thread continues...)