Full Disclosure mailing list archives
RE: The worm author finally revealed!
From: Ron DuFresne <dufresne () winternet com>
Date: Fri, 31 Jan 2003 21:43:03 -0600 (CST)
On Fri, 31 Jan 2003, Schmehl, Paul L wrote:

[SNIP]

> Now I'm even more surprised that you haven't gotten my point. Or are you just trying to play devil's advocate? My point is that the twits that think every admin whose network got one instance of Slammer or who wasn't already blocking 1434/UDP should be fired for incompetence simply don't have any comprehension of how a large network works. It's easy to say "pull the plug" when you're not responsible for the boxes. It's a bit harder when you have competing constituencies demanding opposing actions. At UTD we *do* pull the plug. But I would never be so arrogant as to demand that someone else do, because I don't know their network. There can be a *ton* of reasons why something wasn't done (like patching or blocking ports) *other than* incompetence.
Some of us do understand the point you are trying to make, we are just rejecting its validity. The point<s> is/are:

The information about a weakness, and a dramatic weakness, was available for at least 6 months. Even though the Windows patch world is a nightmare <with or without 3rd party software issues>, that's what admins and security folks get paid for. Thus, if they are doing their jobs, patches are applied <at the least on those hardened machines in exposure, most often on a DMZ>, and the vulnerable systems not able to be patched are properly protected by the perimeter security devices. Anything less is inexcusable.

Either the security folks have a policy and the power to enforce it, or they don't. If the environment is lacking the political momentum to provide a strong enforceable security policy, then like every place else, it's about time those clued in start playing the political game to get that policy and power, or look for a better climate to work. A person has a lot of assets available to them to fight for security at the moment with homeland security and all the government 'initiatives', hell the Windows folks have the words of Bill Gates to lean on to make a point about the importance of protecting the assets of the organization, be it an edu, com, or org.

What is shocking is that so many didn't pay full attention to the information available to allow this bandwidth-spammer to have as dramatic effects as it did. A good number of places that were properly prepared were affected by the many that weren't. Sadly, some of us are going to be shocked again in another 6 months when new code cripples large portions of the net for a few hours or a few days depending upon perhaps the 'conscience' of him/her/them that unleashes it and the payload they pack it with...

Thanks,

Ron DuFresne
<it's all politics, but the work you get paid for...>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart

***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D. Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html