Full Disclosure mailing list archives
RE: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!
From: Ron DuFresne <dufresne () winternet com>
Date: Sun, 26 Jan 2003 15:34:32 -0600 (CST)
On Sat, 25 Jan 2003, Schmehl, Paul L wrote:
Cyberterrorism???? Getting a bit hyped up, aren't we? It's just another stupid worm. And blaming admins for not patching there boxes is bull. You ever been to a university? I defy you to even know where all the vulnerable boxes are, much less get the "owners" to patch them. And tomorrow there will be more - because Microsoft has convinced the world that it's easy to run a box to do whatever it is you need to do, without knowing the first damn thing about security. Put the blame where it belongs - vendors who put out crap for software and jerks who take advantage of that. Until you've walked a mile in the shoes of the admins having to deal with this, keep your smug self-righteous indignation to yourselves.
Admins of the boxes in question and more directly the network admins are fully responsible. But, perhaps the real issue here is this is a rationale for more distinct perimiter boundries. That and the fact that foreknowledge of M$-SQL issues have been known since slapper at the least and thus, these ports should have long been blocked or 'protected' on the perimiters. Yet, even if you have an internal 'cloud' of systems, they have entrance and exit points to and from your .edu network. It might seem dramatic, but closing the access/entrance points from those systems that have/had been compromised would prhaps quickly resolve the issues in that .edu domain you are charged with. If the .edu domains policies do not allow such 'extreme' measures of dealing with admins not up to snuff, then the matter needs to be pushed up the chain of that domains 'management', which of course starts with admins, in staff meetings, pushing their teir one folks and managers to push for something higher in the feeding chain. Whining that your hands are too full to do the job you are hired and paid to do, while waiting for vendors to fix issues that they have a long record of wanting to avoid dealing with, will get nothing accomplished. Thanks, Ron DuFresne
-----Original Message----- From: Matt Smith [mailto:ratman6 () earthlink net] Sent: Saturday, January 25, 2003 7:29 PM To: 'Richard M. Smith'; jasonc () science org; 'Jay D. Dyson'; 'Bugtraq'; 'Full-Disclosure' Subject: [Full-disclosure] RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Guys, This puppy is FAR from harmless and I mean far, This SOB is gonna wind up worse than Code Red, Nimda, or even the great worm of '88. I doubt very much the Morris Worm downed ENTIRE COUNTRIES, as Sapphire did to South Korea today. Cyberterrorism has been spoken of for years. Well, guess what boys and girls, it's here, right now. :(. Curious this thing started up on a Friday night isn't it??? All the sysadmins are gone for the weekend and thus could not respond it a timely fashion to this latest security threat. This one is not gonna cleaned up for awhile. I think this thing was written as a weapon of terrorism and it is doing its job. Much to the chagrin of the people like me who now have to deal with the backlash this thing is causing :(. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!, (continued)
- RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! moksha faced (Jan 27)
- RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Jason Coombs (Jan 27)
- Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Albert Sunseri (Jan 27)
- RE: Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Brett Moore (Jan 27)
- Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Erik Enge (Jan 28)
- Re: Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! David Howe (Jan 28)
- RE: Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Brett Moore (Jan 27)
- RE: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Schmehl, Paul L (Jan 26)
- Re: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Henrik Lund Kramshøj (Jan 26)
- Re: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Blue Boar (Jan 26)
- Re: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Ka (Jan 26)
- Re: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Henrik Lund Kramshøj (Jan 26)
- RE: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Ron DuFresne (Jan 26)
- RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! moksha faced (Jan 27)
- RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! jmcguire (Jan 26)
- RE: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Schmehl, Paul L (Jan 26)
- RE: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! hellNbak (Jan 26)
- RE: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Ron DuFresne (Jan 27)
- RE: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Schmehl, Paul L (Jan 26)
- RE: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! hellNbak (Jan 27)
- Re: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Nick Jacobsen (Jan 27)
- Re: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! martin f krafft (Jan 27)
- RE: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! hellNbak (Jan 27)
- RE: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Ron DuFresne (Jan 27)