[Dshield] Another Windows Bug Open To Zotob-Like Attacks

Chris Wright dshield at yaps4u.net
Wed Aug 31 08:38:39 GMT 2005


> -----Original Message-----
> From: list-bounces at lists.dshield.org 
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Clinton 
> E. Troutman
> Sent: Wednesday, August 31, 2005 7:06 AM
> To: General DShield Discussion List
> Subject: Re: [Dshield] Another Windows Bug Open To Zotob-Like Attacks
> 
> On Tuesday 30 August 2005 17:38, Tony Earnshaw wrote:
> > I don't know why anybody bothers to spend time on this kind of 
> > announcement ...
> [snip]
> > Windows has always been, and will always be, a leaky craft that 
> > no-one, however many about it, can ever caulk sufficiently. 
> "All hands 
> > to the pump" and constant welding of burst seams will never suffice.
> >
> 
> Because, when every ship in the fleet springs the same hidden 
> leak at the same time, the more caulkers and welders you can 
> inform that they have a leak means they can attend to the 
> leak more quickly, possibly mitigate a swamping, and more of 
> those ships will remain afloat a while longer...
> 
> If you don't tell them, they might not stumble on the leak 
> until already sunk.
> 
> It makes sense to spread info through as many channels as possible.

How long before someone on here tells us that the new version of Windows
will be called Windows Titanic.

IMHO Security should always be like the 'Forth Railway Bridge' (I'll let the
non-UK members Google for that, check out the painting schedule).
Good security practice should always to be perform regular updates and check
(regular can be daily/weekly/monthly depending on scenario).  
You can bet you bottom dollar, that no matter what the OS, there will always
be people looking for exploits, whether it be Joe Public or an industrial
spy.

Do you really think that the recent suspicion regarding hackers in China was
purely based at the average home user running a flavour of Windows.  I don't
think so.  These hack attacks were aimed at some pretty big and strong
machines.  OS's that some people consider far superior to certain others.

Where ever there is gain to be made, attacks will be tried.  So that means
we should always be doing our rounds making sure that all is secure.
After all, you don't build an massive bank, fill it with money and then
leave all the doors open.  No matter how good the security is, you build it
to be impregnable, but you still employ security guards to control the
entrances and perform perimeter searches 24/7.  It doesn't matter how good
you think you built it, there will always be someone looking at ways to get
in.  

It has nothing to do an old ship with leaks in it, its more to do with the
guy walking round poking holes through the ship on purpose.  And I will
admit that some early versions of OS are made of wood, and some of the very
old ones have a severe case of woodworm, but I can't say enough, we should
be checking and inspecting every single day.  To not do so would be very
irresponsible.

Chris



More information about the list mailing list