Vulnerability Development mailing list archives

Re: A code red that could bring down the net?

From: Birger Toedtmann <birger () takatukaland de>
Date: Mon, 23 Jul 2001 10:13:19 +0200

josh abulamhammedramashi schrieb am Sun, Jul 22, 2001 at 07:41:51PM -0700:
* I just wanted some input on this paper I wrote, It'd
* be nice for some input and constructive critiscm. I'd
* like to get this to eventually make the guest writer
* section on security focus. You can view it at
* http://www.whoredware.com/codered.html

You are talking about _the_ one deadliest virus.  But I think against that 
we have a cure nature lectured us about all the time: diversity.

This is the strongest argument against M$ taking over too much market share,
but also against *any* OS/software combination doing that, even Linux or
Apache.

As any virus can only attack a limited number of target holes, all services
or OSes it can not infect secure the net.  Have the whole net supplied with
one OS or service, someone will find a virus/worm and may bring it down 
completely.

This is even more severe for the router market.  As Cisco has a very high
share, suppose their IOS has a really severe hole or even a back door for
some evil agency?  Then the net is at their hands.

Regards,

-- 
  Birger Tödtmann
  Handwerker für elektronische Netzwerke und deren Dienste
  00 83 E2 57 EC 60 0B 1C  D3 18 AE 2A 40 55 81 22

Current thread:

Re: Win32.Sircam.Worm Alert....., (continued)
- - - Re: Win32.Sircam.Worm Alert..... H D Moore (Jul 24)
    - Re: Win32.Sircam.Worm Alert..... Martin Lindquist (Jul 24)
    - Re: Win32.Sircam.Worm Alert..... horape (Jul 25)
    - Re: Win32.Sircam.Worm Alert..... Pete Sherwood (Jul 25)
    - Re: Win32.Sircam.Worm Alert..... Miguel Angel Rodriguez Jodar (Jul 25)
    - multi-OS infections (was Re: A code red that could bring down the net? Meritt James (Jul 23)
    - Re: multi-OS infections (Multi OS shellcode) Riley Hassell (Jul 24)
    - Re: multi-OS infections (Multi OS shellcode) Damir Rajnovic (Jul 25)
    - Re: multi-OS infections (Multi OS shellcode) corecode (Jul 25)
    - RE: A code red that could bring down the net? Dom De Vitto (Jul 23)
    - Re: A code red that could bring down the net? Birger Toedtmann (Jul 23)
    - Re: A code red that could bring down the net? Michael Tench (Jul 23)
    - Re: A code red that could bring down the net? Felix Harris (Jul 24)
    - Re: A code red that could bring down the net? David R. Conrad (Jul 25)
    - Re: A code red that could bring down the net? Lynn Crumbling (Jul 25)
    - Re: A code red that could bring down the net? Sven van ´t Veer (Jul 26)
    - Re: A code red that could bring down the net? security curmudgeon (Jul 26)
    - Re: A code red that could bring down the net? Ian Stoba (Jul 25)
    - Re: A code red that could bring down the net? Michael Tench (Jul 26)
    - Re: A code red that could bring down the net? Jose Nazario (Jul 26)
    - Re: A code red that could bring down the net? Meritt James (Jul 24)

(Thread continues...)