nanog mailing list archives
Re: Microsoft XP SP2 (was Re: Lazy network operators - NOT)
From: Chris Brenton <cbrenton () chrisbrenton org>
Date: Mon, 19 Apr 2004 08:22:48 -0400
On Mon, 2004-04-19 at 06:27, Brian Russo wrote:
> There're a lot more 0-days than that.
Agreed. My ego has not grown so large as to think I've seen every 0-day. ;-) As I said however, the true number of 0-day is less than ground noise compared to the number of systems that *could* have remained safe with proper patching or configuring.
> They just tend to remain within a smaller community (typically the ones who discover it) and are used carefully/intelligently for compromises, often for a very long time.
Agreed. I think part of what makes 0-day easier to hide *is* the raw quantity of preventable exploits that are taking place. In many ways we have become numb to compromises so that the first response ends up being "format and start over". If 0-day was a higher percentage, it would be easier to catch them when they occur and do a proper forensic analysis.
> Agreed, and even conscientious users screw up. I did this some months ago when installing MS SQL Server Desktop Engine from a third-party CD (packaged with software).
<RANT>
I guess I have a hard time blaming this type of thing on the end user. Part of the fallout from making computers easier to use is making it easier for end users to shoot themselves in the foot. One of the benefits of complexity is that it forces end user education. I'm guessing that if you had to load SQL as a dependency you would have caught your mistake before you made it.

Let me give you an example of the easy to use interface thing. Back in 2000 I made it a personal goal to try and get the top 5 SMURF amplifier sites shut down. I did some research to figure out what net blocks were being used and started contacting the admins. Imagine my surprise when I found out that 3 of the 5 _had_ a firewall. They had clicked their way through configuring Firewall-1, didn't know they needed to tweak the default property settings, and were letting through all ICMP unrestricted and unlogged.

IMHO it's only getting worse. I teach a lot of perimeter security folks and it seems like more and more of them are moving up the ranks without ever seeing a command prompt. I actually had one guy argue that everything in Windows is point and click and if you could not use a mouse to do something, it was not worth doing.

Again, I don't see this as an end user problem because as an industry we've tried to make security seem easier than it actually is. We want to make it like driving a car when it's more like flying an airplane.
</RANT>

Cheers,
Chris