Information Security News mailing list archives

Re: Internet Attack's Disruptions More Serious Than Many Thought Possible


From: InfoSec News <isn () c4i org>
Date: Wed, 29 Jan 2003 02:38:04 -0600 (CST)

Forwarded from: H C <keydet89 () yahoo com>

I'm concerned that the wrong impression is being given w/ articles
like this.

I understand that the AP's readership is much, much broader than SF's,
but I don't see that as an excuse for describing a worm attack as
"virus-like".  Perhaps a better idea than an incorrect analogy would
be to actually put a brief statement in regarding the differences
between a virus and a worm.  After all, the security people here have
to deal w/ both users and managers who now have this misconception, on
top of an already weak understanding of security in general.

Confusion on terminology is only going to weaken consumer confidence
at large.  Why not arm the consumer with correct information, rather
than muddling the issue w/ incorrect data?

Regarding the disclosure issue...MS released/disclosed a patch on 24
July 02...a fact conveniently missing from the article.  Rather than
an issue of how much is too much to disclose, why not address the real
issue...the products in question should never have been exposed to the
Internet.  The issue was only an exploitable vulnerability if it could
be executed...and as yet, there hasn't been a valid business case
presented for exposing that port for that application to the Internet.

While Mr. Bridis did state later in his article that congestion was an
issue, his early statements regarding corporate and gov't systems
(banking, 911, etc.) do not clearly state whether the inability to
reach the systems described was due to infection of those systems by
the worm, or was due to the resulting congestion on the 'Net.  The way
the article states these issues, there seems to be confusion.  
Several folks I've spoken with came away from reading this article w/
the understanding that the systems were infected by the worm.


--- InfoSec News <isn () c4i org> wrote:
http://ap.tbo.com/ap/breaking/MGAPX0P2HBD.html

By Ted Bridis 
Associated Press Writer 
Jan 27, 2003

WASHINGTON (AP) - The weekend attack on the Internet crippled some
sensitive corporate and government systems, including banking
operations and 911 centers, far more seriously than many experts
believed possible.

The nation's largest residential mortgage firm, Countrywide
Financial Corp., told customers who called Monday it was still
suffering from the attack. Its Web site, where customers usually can
make payments and check their loans, was closed with a note about
"emergency maintenance."

Police and fire dispatchers outside Seattle resorted to paper and
pencil for hours Saturday after the virus-like attack disrupted
operations for the 911 center that serves two suburban police
departments and at least 14 fire departments.

American Express Co. confirmed that customers couldn't reach its Web
site to check credit statements and account balances during parts of
the weekend. Perhaps most surprising, the attack prevented many
customers of Bank of America Corp., one of the largest U.S. banks,
and some large Canadian banks from withdrawing money from automatic
teller machines Saturday.

President Bush's No. 2 cyber-security adviser, Howard Schmidt,
acknowledged Monday that what he called "collateral damage" stunned
even experts who have warned about uncertain effects on the nation's
most important electronic systems from mass-scale Internet
disruptions.

"One would not have expected a request for bandwidth would have
affected the ATM network," Schmidt said. "This is one of the things
we've been talking about for a long time, getting a handle on
interdependencies and cascading effects."

[...]



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

