Security Incidents mailing list archives
QAZ hitting MS
From: Pierre Vandevenne <pierre () datarescue com>
Date: Fri, 27 Oct 2000 13:40:21 +0200
Just a few comments on QAZ hitting MS

Fact 1

Remote Access Trojans can be used to go around ANY level of defense (firewall, packet filters, strict access control, biometrics, etc.)

Fact 2

Microsoft has blurred the distinction between data and code to an extreme point - the ActiveX - Outlook - Exchange - Word - VBS - VBA cocktail is explosive.

Fact 3

There will always be, at Microsoft and everywhere else, people who will run unknown code without understanding the underlying risks. Clever people too. Education will not help: the distinction is not obvious.

Given Fact 1 + Fact 2 + Fact 3, it is OBVIOUS that there is no way to build a secure architecture with the current integrated model.

Commentary

I am a bit tired of repeating this. When Melissa struck, I said that if the mail servers of the military organizations that were hit yielded to 100 lines of VBS code, the lesson to learn was that the architecture was vulnerable. Not that hackers should be harshly punished.

I repeated the same with LoveLetter - I still remember that law enforcement officer proudly displaying the evidential floppy and claiming, after weeks of investigations, that close to 40 people had collaborated on the virus/worm. Laughable. The architecture proved to still be (and even more) vulnerable.

While we have so far avoided another large scale incident, we still haven't changed our habits.

In this case, after its entry in an organization, QAZ spreads through the use of unprotected network shares, somewhat ironically a feature that also appears on most top 10 vulnerabilities lists...

To cut a long story short - I am sure I won't be the only one to comment on that <G>, they got blasted because someone ran hostile code within the supposedly safe boundaries of their network - let's see what they do about it and let's hope they don't solve the problem by firing one guy here and there...

---
Pierre Vandevenne - DataRescue sa/nv
Home of the IDA Pro Disassembler - Version 4.14 now available !
http://www.datarescue.com/idabase/ida.htm