[Dshield] Port 113

Deb Hale haled at pionet.net
Fri Aug 8 14:42:39 GMT 2003

They aren't the only Higher Ed that has been hit.  The following is an
article about Stanford.


Of course, it is summer - maybe they didn't have anyone there to apply the
patches :(-  :)

Deborah F Hale
Certified Business Continuity Professional/Computer Security Specialist
BCP Enterprise, Inc
Telephone: (712) 252-0361

-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
Of Paul Marsh
Sent: Friday, August 08, 2003 9:05 AM
To: General DShield Discussion List
Subject: RE: [Dshield] Port 113


	Thanks for the info, it's kind of odd you should mention Berkeley.
The following is a an article from today's "Chronicle of Higher Education"
regarding DCOM at Berkeley.

Again thanx, Paul

Network Administrators on Campuses Scramble to Fix 'Critical' Security Flaw

Following recent cybersecurity warnings from the U.S. Department of Homeland
Security, computing administrators at colleges and universities have been
scrambling to protect their networks and apply security patches to affected

The University of California at Berkeley, for instance, limited access to
its network this week so that system administrators could apply patches to
more than 2,000 computers running Microsoft's Windows operating system.
Technicians acted after a scan of the university network showed that more
than 150 Windows computers had already been attacked. 

In the span of three weeks, the federal government has twice issued
advisories about threats posed by newly discovered security holes in most
Windows operating systems, including even the latest releases. Vulnerable
systems could easily be used by hackers to run malicious code; to copy,
change, or delete data; or to create unauthorized user accounts. 

On Tuesday, technicians at Berkeley started limiting some off-campus access
to the network to protect machines that needed the security patches, says
Craig Lant, the security officer for the university's information-systems
office. For those compromised systems that had already been attacked, Mr.
Lant says, technicians had to go through the tedious process of reinstalling
their operating systems and then installing the security patch as well. 

The people inconvenienced by the limited access were those who had
configured their Windows computers in their offices so that they could
access their files from home. Also inconvenienced were those who use a
Microsoft Exchange server on the campus to gain access to their e-mail when
they are away from the campus. 

The latest Windows security flaw was discovered by a Polish
security-research group and reported to Microsoft, which then created a free
software patch that it released with a security bulletin on July 16. Many
Windows computer systems remain vulnerable, however, because their owners
have not downloaded and applied the patch. 

Microsoft officials have recommended that organizations with large numbers
of vulnerable systems, including many colleges and universities, use an
Internet firewall to block external access to vulnerable computers until
their operating systems can be patched or reconfigured. 

According to Microsoft officials, the only versions of Windows that do not
have the flaw are Windows 98 and Windows Millennium Edition. Windows NT 4.0,
Windows NT 4.0 Terminal Services Edition, Windows 2000, Windows XP, and
Windows Server 2003 all have the security weakness, which Microsoft rates as
"critical," requiring an immediate fix. 

Hackers are building inventories of potentially vulnerable machines so that
"they don't have to go find the machines that are exploitable, because they
already know where they are," says Martin Lindner, team leader for incident
handling at the CERT Coordination Center at Carnegie Mellon University. 

Some Web sites are already offering code that hackers could use to exploit
the newly publicized security hole. "A wide spectrum of organizations --
universities and businesses -- have been affected," Mr. Lindner says. 

Users of most newer desktop and laptop machines can protect their computers
by accepting automatic security updates from Microsoft, Mr. Lant says. For
older Windows machines, applying security patches is time-consuming. 

Adding security patches to computers that are used as servers is even more
time-consuming, because patches must be tested thoroughly before they are

"Sometimes the patch has side effects independent of what it's trying to
fix," Mr. Lindner says. Security patches for servers should always be
tested, he says, "to make sure they don't have any other adverse effects on
your daily operations." 

Berkeley technicians were hoping to restore full network access today. 

-----Original Message-----
From: Deb Hale [mailto:haled at pionet.net]
Sent: Friday, August 08, 2003 9:35 AM
To: 'General DShield Discussion List'
Subject: RE: [Dshield] Port 113

Berkley does a pretty good job of explaining Authentication. 

list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:

More information about the list mailing list