RE: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

["Joe Klein" <jsklein () mindspring com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here is an interesting idea. If the database vulnerability and the patch has been available for over 6 months, wouldn't 
this be proof of "Lack of Due Care" by the companies which were impacted? Sounds like a potential class action suite 
against management of all public companies impacted. I suspect by there lack of action, it will impact all the stocks 
on Monday. The other question comes to mind. If this happended, how secure is the rest of the company networks.

Anyone know of a lawyer who would be interested in taking a case like this? 

Joe Klein
jsklein () mindspring com

- -----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Ron 
DuFresne
Sent: Saturday, January 25, 2003 8:01 PM
To: Jason Coombs
Cc: Richard M. Smith; 'Jay D. Dyson'; 'Bugtraq'; 'Full-Disclosure'
Subject: Re: [Full-disclosure] RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!




You'll find that you underestimate the number of banks and credit related transactions that use internet connectivity 
to transact transfers and payment activity.  Pay attention next time you use a ATM or credit card at the gas pumps or 
the grocery, or a card in those ATM's in various malls and stores.  You'll hear the modems in many dialing during the 
'authorization' phase of the transaction, and few are dialing into a private networked system.



Thanks,

Ron DuFresne


On Sat, 25 Jan 2003, Jason Coombs wrote:

> Bank of America should never have allowed their ATM network to rely on 
> routes that could be impacted by non-ATM network computer systems.
>
> That Sapphire might have had this effect makes the sensibility behind 
> writing and releasing it even more apparent, if this was in fact 
> defensive work of a government agency as my speculation suggested.
>
> Jason Coombs
> jasonc () science org
>
> -----Original Message-----
> From: Richard M. Smith [mailto:rms () computerbytesman com]
> Sent: Saturday, January 25, 2003 1:11 PM
> To: jasonc () science org; 'Jay D. Dyson'; 'Bugtraq'; 'Full-Disclosure'
> Subject: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!
>
>
> However, this worm might not be so harmless as it appears because of 
> collateral damage:
>
>    Bank of America ATMs Disrupted by Virus
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It eliminates dreams, goals, and ideals and lets us 
get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPjNbgT1Xm8BE1/6HEQJJLgCglZ/zgYkaZ/HOz9BWdUb2X3igNlcAoN9E
t075RClV90Q7NAqx5uE5aC19
=fst/
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html