Full Disclosure mailing list archives

Re: The worm author finally revealed!

From: Paul Schmehl <pauls () utdallas edu>
Date: 31 Jan 2003 17:50:01 -0600

On Fri, 2003-01-31 at 15:17, yossarian wrote:


What you are advocating, is taking legal action to everyone except the
professionals in your dept. too busy to fix their boxes.

I wasn't *advocating* anything.  I was trying to highlight how
ridiculous some of the demands are when something blows up - like
Slammer.

If I add your recent posts up: responsible are the virus makers, the people
doing full disclosure, the ISP's, the home users unknowingly or cluelessly
running SQL server, maybe MS for making this buggy product, anyone but your
beloved admins who get leery, but  have no clue: 6 months after the release
of the hotfix, someone somehow patched the server just before slammer, and
this, not the virus, took down your helpdesk system. Yeah, right.


Yeah, you sure got it.  Not!


And to fix the system, it had to be completely rebuild. Did you ask HEAT?


Gosh - that never even occurred to us. :-)

You had no back-ups? No pre-patch test - BTW it was no hotfix but in a
service pack, just released - did your people really install an SP without
testing?


Sure.  We do that all the time.  We're those idiots everybody complains
about.

No test system - helpdesk systems are generally considered
critical, so a back-up system is essential and you can use this for test -
just make a disk image first. Can be an older box, if it is not 100%
identical the test will not be 100% reliable but it will give you a general
idea of the impact of an SP. No roll back scenario. You have no firewall,


Don't assume what you don't know.  (You've done enough of that already.)

How many systems are you responsible for?


The diff is that I do not tolerate sorry excuses, nor putting the blame on
any external party, not from my CISO, nor from my helpdesk. You are too
defensive.

And you own what?  Exactly?

-- 
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: The worm author finally revealed! yossarian (Jan 31)
- <Possible follow-ups>
- Re: The worm author finally revealed! Paul Schmehl (Jan 31)
  - Re: The worm author finally revealed! Ron DuFresne (Jan 31)
- Re: The worm author finally revealed! Paul Schmehl (Jan 31)
  - Re: The worm author finally revealed! yossarian (Jan 31)
- RE: The worm author finally revealed! Sung J. Choe (Jan 31)
  - Re: The worm author finally revealed! yossarian (Feb 01)
- RE: The worm author finally revealed! Schmehl, Paul L (Jan 31)
  - RE: The worm author finally revealed! Ron DuFresne (Jan 31)
- Re: The worm author finally revealed! Jonathan Rickman (Jan 31)
- Re: The worm author finally revealed! Douglas F. Calvert (Jan 31)
- Re: The worm author finally revealed! David Howe (Feb 03)
- Re: The worm author finally revealed! David Howe (Feb 03)
- Re: The worm author finally revealed! David Howe (Feb 03)