Re: The worm author finally revealed!

[madsaxon <madsaxon () direcway com>]

> Backing the patches out didn't do a thing, so now we have to return all
> the way to SP2, reinstall HEAT and then patch back to the level right
> *before* the one that took it down.  You can just imagine how thrilled
> the admins are to have to do that - and the next time they have to patch
> that box, they'll be real leery about doing it.  And these are admins
> who are *very* conscientious about patching and *very* aware of security
> issues.

That happens where I work, too.  Every new patch breaks something else,
and since a fair amount of our software is custom-designed, we have to
get the vendors to rush out and figure out how to patch their stuff to
be compatible with the new patch.  That costs beaucoup bucks, and meanwhile
our clients are screaming because their application is down.  The next
time a patch comes out, management is very reluctant to allow us to install
it, so we have to do a cost-benefit analysis on which would be the greater
evil: leaving the vulnerability unpatched or pissing off our clients with 
yet another
period of downtime.  If we don't patch, we get called "irresponsible" and 
"lazy."
If we do patch, we further erode client confidence in our ability to maintain
quality of service.

I personally argued strongly against Microsoft servers in the first place,
but of course that was pooh-poohed as just sour grapes from an old Unix 
fossil.

This is not a black and white issue with cut and dried solutions.  That's not
to say, however, that we shouldn't nevertheless continue looking for them.

m5x

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html