Full Disclosure mailing list archives

Re: The worm author finally revealed!


From: futureshoks () hushmail com
Date: Fri, 31 Jan 2003 09:09:04 -0800


-----BEGIN PGP SIGNED MESSAGE-----

(Again no personal attacks: I respect what you guys have to say).


[Paul Said:]
Firewall?  DMZ?  What makes you think everybody has those?  How 'bout an
even more esoteric question?  Why do the tier 1 providers (like UUNET)
allow traffic on port 1434???
[/Paul]

Because it's not their call. I could write an EncryptoWidget for my company and have it using 1434/UDP - what right does 
my ISP or any other carrier have to decide what ports I can and can't use?

With an increase of traffic moving over TCP port 80: remote desktop control[1], SSL VPNs[2], to name a few, 
conventional firewalling will surely become somewhat moot. We'll all be wrapping things up as MIME-encoded HTML (and 
wasting a whole load of bandwidth too) just to get through the firewall. I have actually seen products advertised as 
"can be used from any PC with a web browser so as to avoid internet firewalls".

We're just moving sideways if people think like this; security is a hindrance to be avoided. So yes, you are right 
about education and taking the initiative. If someone could only come up with that elusive formula that showed how 
increased security was directly proportional to management bonuses we'd be laughing :)

[Mark Said:]
It also shows how many companies could give two sh!ts about
patching and firewalling important boxes internally.
[/Mark]

Whilst contacting (read 'forcing') people to patch their SQL Servers once and for all or be thrown off the network, I 
constantly met with the same response: "but it's behind the firewall, isn't it?". This goes to show that even when people 
do recognise the security issues that abound on today's Internet, they don't understand the nature and technicalities of 
exploits. They don't know that some traffic can traverse firewalls when it's not supposed to. They don't know about 
VPN connections to branch offices. They don't know about firewall interfaces, DMZs, etc, etc. As long as the port is 
blocked to the world then we're all safe.

[Mark Said:]
This goes FAR beyond forgetting to install a simple patch, I think
it shows just how many people out there have no port filtering
in place and probably check off "full install" on their windows
servers without a second thought.
[/Mark]

That's because they're all textbook MCSEs without an ounce of noodle between them (or they're developers: I swear 
without developers our network security would increase ten-fold) and are more interested in getting things to work than 
security. After all, IT that isn't working is just a waste of money.

________
[1] http://www.webex.com
[2] http://www.nortelnetworks.com/products/01/alteon/sslvpn/

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wmAEARECACAFAj46rjIZHGZ1dHVyZXNob2tzQGh1c2htYWlsLmNvbQAKCRCz85xsvW2z
xZxgAKC2o1Wxe+EgrO0snDEtrCN7RUHfvACfbq+dEMbg+GXIHWzT5EHqoHijFL8=
=kGOH
-----END PGP SIGNATURE-----




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
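The "it's behind the firewall" argument above is a reachability question, and it can be checked rather than assumed. The script below is an added example, not part of the original post; the zones, links and rule lists are a constructed toy topology. It models a perimeter that blocks 1434/UDP from the Internet, a DMZ, a flat internal LAN, and a site-to-site VPN to a branch office, then asks from which zones a 1434/UDP packet can still arrive at the internal SQL Server zone. It also shows the port-80 point: the same perimeter happily passes anything that calls itself HTTP.

```python
"""
Toy zone-reachability check (constructed example): does blocking a port at the
Internet edge actually protect an internal SQL Server on 1434/UDP?

Zones are nodes. Each directed link carries an ordered rule list of
(proto, port, action); "*" is a wildcard, first match wins, and a link with
no matching rule drops the packet (implicit default deny).
"""
from collections import deque

# Constructed topology. The perimeter blocks 1434/UDP from the Internet and
# lets 80/TCP through to the DMZ; the DMZ web tier may only talk 1433/TCP to
# SQL; the branch-office VPN and the internal client LAN are unfiltered.
LINKS = {
    ("internet", "perimeter_fw"): [("udp", 1434, "deny"), ("tcp", 80, "allow"), ("*", "*", "deny")],
    ("perimeter_fw", "dmz"):      [("tcp", 80, "allow"), ("*", "*", "deny")],
    ("perimeter_fw", "internal"): [("*", "*", "deny")],
    ("dmz", "internal"):          [("tcp", 1433, "allow"), ("*", "*", "deny")],
    ("branch", "vpn_gw"):         [("*", "*", "allow")],
    ("vpn_gw", "internal"):       [("*", "*", "allow")],   # site-to-site VPN, no filtering
    ("internal_clients", "internal"): [("*", "*", "allow")],  # flat LAN
}

# Same topology with filtering at the VPN and LAN trust boundaries: only the
# SQL client port is allowed towards the server zone.
HARDENED = dict(LINKS)
HARDENED[("vpn_gw", "internal")] = [("tcp", 1433, "allow"), ("*", "*", "deny")]
HARDENED[("internal_clients", "internal")] = [("tcp", 1433, "allow"), ("*", "*", "deny")]


def passes(rules, proto, port):
    """First-match evaluation of one link's rule list; unmatched traffic is dropped."""
    for r_proto, r_port, action in rules:
        if r_proto in ("*", proto) and r_port in ("*", port):
            return action == "allow"
    return False


def reachable_zones(links, src, proto, port):
    """All zones a (proto, port) packet sent from src can arrive at, via any path."""
    seen = {src}
    queue = deque([src])
    while queue:
        zone = queue.popleft()
        for (a, b), rules in links.items():
            if a == zone and b not in seen and passes(rules, proto, port):
                seen.add(b)
                queue.append(b)
    return seen


def can_reach_sql(links, src, target="internal", proto="udp", port=1434):
    """True if src can deliver proto/port to the SQL Server zone."""
    return target in reachable_zones(links, src, proto, port)


def exposure_report(links, target="internal", proto="udp", port=1434):
    """Per-zone answer to 'can this zone hit proto/port on the target?'"""
    zones = sorted({z for link in links for z in link})
    return {z: can_reach_sql(links, z, target, proto, port) for z in zones if z != target}


if __name__ == "__main__":
    print("1434/UDP exposure, edge-only filtering:", exposure_report(LINKS))
    print("1434/UDP exposure, filtered at every boundary:", exposure_report(HARDENED))
    print("Zones reachable from the Internet on 80/TCP:", reachable_zones(LINKS, "internet", "tcp", 80))
```

With edge-only filtering the report answers "no" for the Internet and the DMZ but "yes" for the branch office, the VPN gateway and every internal client, which is exactly the gap the post describes: a branch laptop or a VPN peer is inside the perimeter as far as 1434/UDP is concerned. The hardened rule set closes those paths by filtering at each trust boundary rather than only at the edge; patching the server itself remains the fix that does not depend on any of these rules being right.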