Re: tech support being flooded due to IE 0day

[Joel Jaeggli <joelja () uoregon edu>]

Gadi Evron wrote:
> On Thu, 21 Sep 2006, Dave Stewart wrote:
> > At 10:28 PM 9/21/2006, you wrote:
> >
> > > > 2) how is this different from any other large worm outbreak thing
> > > It's not.
> > Which makes it operational in which sense?
> >
> > I'm starting to think that these "alerts" need to be filed along with 
> > the daily "OMG, evil people are taking over your computer if you 
> > don't send this to at least 10 people" IMs.
> >
> > Paranoia has its place, but this ain't the place. 
>
> The report is NOT paranoia. Several LARGE user ISPs suffer immensely from
> this. Use this information if it is useful to you and you encounter the
> same problems.

Gadi, your initial query lacked the factual background that would have
been useful for someone to decide if it was relevant to them or not.
While I do believe that the intersection of host and applications issues
and networking has applicability here I will make two observations that
I hope are not wildly off the mark.

Many of the people on the operations side of networks do not spend a lot
of time on security mailing lists. They also don't spend a lot of time
looking into their own support organizations until until problems get
escalated to them, so your initial post could have used more background.

Even in an enterprise it's really hard to justify the expenditure that a
 rapid response to a host security problem involves. For an isp which is
not likely to be in the position to recover the cost of being reactive
let alone pro-active I can't imagine how they would possibly support
desktop issues like this.

joelja

> Thanks,
>
>       Gadi.

-- 
------------------------------------------------------------------------
Joel Jaeggli             Unix Consulting              joelja () uoregon edu
GPG Key Fingerprint:   5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2