Re: Full analysis of the .ida "Code Red" worm.

["JNJ" <jnj () pobox com>]

> This DOES raise some pretty fundamental questions about the security of
> all the infrastructure, because, in theory the compromised servers
> _could_ have been exploited more extensively and _could_ be delivering
> nastily compromised stuff around. I have no reason to believe it has
> happened, but still...

<soapbox>
I have to disagree.  Microsoft released a patch for this issue on 6/18/2001.
Here we are, a tad over a month later, and the issue is being exploited en
masse.  This calls to question the attention of systems administrators to
their networks.  The days of selective application of security patches are
long since over.  IMHO, systems affected by this recent outbreak are being
administered by techs that need to pay closer attention to their
installations and keeping them up to date.

As the world reliance on computer systems continues to increase, it become
more and more imperative that people learn these are not simply toasters
that sit on the kitchen counter.  Regular maintenance and attention is
required and an irresponsible or ignorant attitude towards these things is
the true threat to the infrastructure.  The only security issue here is the
human element as always.  Microsoft has already come up with a tool that
automagically notifies users/admins of the need to update their system
within moments of a patch being released.  What should they do next --
auto-patch the systems for the user/admin to ensure the security of the
infrastructure?  Maybe the user/admin needs to learn about that toaster on
the countertop.
</soapbox>

James