Re: another wave?

["Jay D. Dyson" <jdyson () treachery net>]

-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 24 May 2001, Chip Mefford wrote:

> > > Apparently chinese hackers are planning to release a variety of
> > > worms in the near future.
<snip>
> > I would like to ask the question, "What difference does it make?"
<snip>
> A sentry standing guard will pay better attention when he knows
> hostility is emminent. 

        This may be true, but a sentry will also come to blow off such
warnings when they come so frequently and are hyped beyond belief.  Right
now the security field appears to be inundated with both Chicken Little
and the Boy-Who-Cried-Wolf types. 

        General security measures (keeping up with OS and service patches,
disabling vulnerable services, using TCP wrappers, avoiding clear-text or
predictable authentication mechanisms, appropriately configured firewalls
and IDS's, having a sane remote access policy in force) will mitigate the
impact of any given worm, short of an outright DoS.

        Remember that these worms utilize tried-and-true exploits.  Those
exploits are consistently geared towards vulnerabilities that were
identified months (if not *years*) ago.  This has been true ever since the
1988 Morris worm.

- -Jay

  (    (                                                          _______
  ))   ))   .- "There's always time for a good cup of coffee" -.   >====<--.
C|~~|C|~~| (>------ Jay D. Dyson -- jdyson () treachery net ------<) |    = |-'
 `--' `--'  `---- "Get in.  Sit down.  Hold on.  Shut up." ----'  `------'

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iQCVAwUBOw1j3NCClfiU/BIVAQF8sgP/ScxVBRj96JimETCCvBYebT2zLzYka+Gv
+jkGmVSIhF1ffFYQTq6HJn7ViKSPoxvp9XUpT6draa8AObX+FwB9ukA0uIGTyqId
zQ9Sbz5iUGr849Em7u2F58FI8cOP7QNLyLY8zL+TfLdqazLY2LYibhA6pLiQ0hiH
ZmGf9dgRdFs=
=B1kw
-----END PGP SIGNATURE-----