Security Incidents mailing list archives
RE: Large ISP response to Code Red?
From: "Jonathan A. Zdziarski" <jonathan.zdziarski () micromuse com>
Date: Tue, 31 Jul 2001 13:04:59 -0400
My 2 cents: Security is everyone's responsibility. Microsoft needs to get on the ball and provide patches and workarounds much quicker than they have been. It wouldn't surprise me to see a class action suit crop up after this last failure to take action. ISPs [wrongly] trust the vendor to provide secure software. The other side of the coin is ISPs need to adopt the clue that it's their responsibility to manage their own network. Trusting your system to automatically update patches is going to do two things, 1) It's going to give you a false sense of security that the vendor is actually going to provide a patch to the security hole before it's exploited, and 2) Opens your network up to allow anyone controlling the update server to install code on your system (as was previously discussed in this thread). I truly feel sorry for the networks that don't have the money to hire enough talent to work around the holes in their OS and software, as a community we need to write more FAQs to educate the poor folks...but I don't have very much pity for these large ISPs who forego spending the money because they think it's not financially justified. If you're going to build a network you need to spend the extra $70-$100k to hire a decent security guy who will do his best to protect the network and keep things up-to-date. Vendors are too lax, but if you get hacked after a vulnerability has been discovered and you didn't take action, it's the ISPs own fault. -----Original Message----- From: Kris Carlier [mailto:root () iguana be] Sent: Tuesday, July 31, 2001 12:54 PM To: Mike Johnson Cc: incidents () securityfocus com Subject: Re: Large ISP response to Code Red?
To me, this is the answer. Server based systems usually have plenty of bandwidth. A different set of patches could be offered for the desktop class systems (Win9x, Me, 2k Prof.) that might be more bandwidth friendly and only applies to
small detail, IIRC, one of the windowsupdate servers fell victim to the CR attack itself. So, here's a rethorical question: would you like your system to be automatically updated ? What if the machine you trust is infected ? Helluvaway to efficiently distribute a worm, no ? kr= ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Large ISP response to Code Red? Jon O . (Jul 30)
- Re: Large ISP response to Code Red? Christian Kuhtz (Jul 30)
- Re: Large ISP response to Code Red? David Hickman (Jul 31)
- Re: Large ISP response to Code Red? Seth Arnold (Jul 30)
- Re: Large ISP response to Code Red? Mike Johnson (Jul 31)
- Re: Large ISP response to Code Red? Kris Carlier (Jul 31)
- RE: Large ISP response to Code Red? Jonathan A. Zdziarski (Jul 31)
- Re: Large ISP response to Code Red? Mike Johnson (Jul 31)
- Re: Large ISP response to Code Red? Rob McCauley (Jul 31)
- Re: Large ISP response to Code Red? Valdis . Kletnieks (Jul 31)
- Re: Large ISP response to Code Red? Christian Kuhtz (Jul 30)
- Re: Large ISP response to Code Red? kath (Jul 31)
- Re: Large ISP response to Code Red? Mike Lewinski (Jul 31)
- <Possible follow-ups>
- Re: Large ISP response to Code Red? Blake Frantz (Jul 31)
- RE: Large ISP response to Code Red? Jonathan A. Zdziarski (Jul 31)
- Re: Large ISP response to Code Red? Seth Arnold (Jul 31)