Full Disclosure mailing list archives
RE: Blackout responsibility?
From: "Drew Copley" <dcopley () eeye com>
Date: Fri, 15 Aug 2003 13:30:21 -0700
-----Original Message-----
....and if blaster actually *did* have something to do with the blackout, what are the chances that the company officials will give the real reason? i mean, they would be lucky that a relatively benign worm got to their systems. it could have been far worse.
A natural thought, however the odds are against such a cover up in the long run, because what Ben Franklin said is generally correct: "Three can keep a secret, if two of them are dead."

The other probability going against this is that utility companies are not military or intelligence organizations where they might have experience in keeping secrets. The only probability working for this, I would guess, is that if a utility worker did discover this to be the case... They might not be believed. Unless they had hard evidence beyond just their own word.

But, mechanically, of course, the strongest probabilities are against that the worm caused this damage. There are many things far more likely to have caused this damage, and not the blaster nor the variants I have seen do anything which is extraordinary for worms to do.

You are right, they are lucky, and I am sure that many of their systems did get infected. Such institutions generally have been found in the past to be poorly equipped to handle their own infrastructure security.

Code Red, Slammer, Blaster... All have exploited wide open holes, they have all been relatively benign compared to previous worms such as CIH (which may be classified as a worm because it did rather effectively spread through file transfers)...

Further, while the DDoS timed fuse concept is a potentially dangerous one for a worm, both Code Red and Blaster have been too loud to really pull it off well... And in their exposure, they left a wake of patched systems, which prevented a worm with a far more malicious and stealthy payload from appearing. This probability remains rather high for future vulnerabilities of this nature (not too high, but a bit). This is because really simple relatively benign worms are more common, and therefore have a higher probability of appearing first.

Personally, I think one of the worst worms has been Sircam which would take confidential information and send it out to the world...
But, worms like CIH (and numerous other destructive worms, some of which 29a has pioneered) have shown that the power companies, and indeed, the world, have been quite lucky. (ref: http://news.spamcop.net/pipermail/spamcop-list/2001-July/016840.html )