[unisog] [dc-sage] Code Red mutated? (fwd)

Paul L Schmehl pauls at utdallas.edu
Mon Aug 6 19:04:02 GMT 2001

I happen to know the Microsoft security folks personally, and I can assure 
you that they care deeply and are working very hard to improve.  But 
they're fighting an uphill battle when their customers won't do their job.

For example, the ISAPI vulnerability that Code Red exploits was patched 
almost a full month prior to the first infection.  The relative path 
exploit that the Code Red II worm uses to activate its trojan was patched 
over a year ago.

If people won't run the patches and Service Packs in a timely manner, what 
is MS supposed to do?  Name a vendor other than Red Hat and Debian that has 
made patches as easy as Windows Update makes them.

The problem is two-fold:
1) People with no ethics who have no qualms about breaking into other 
people's equipment
2) IR folks and individuals who, for whatever reason or excuse, won't 
update their equipment.

The first isn't fixable.  The second is.

--On Monday, August 06, 2001 10:46 AM -0700 Peter Van Epp <vanepp at sfu.ca> 

>	 I expect the liability issues would be horrendous. What if your fixit
> worm screwed up with some particular configuration and destroyed the
> machine instead of fixing it? You can't be sure there isn't such a
> configuration with the breadth of systems out there. If you are
> Microsoft, you have deep sueable pockets and I expect are used to bad
> publicity about security because you get so much of it and apparently
> care so little: "iis the NT root kit posing as a web server"  ...
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
>> Is there a point when it would just be easier to write the Red-fix worm?
>> Does patch by force ever make sense?  You think someone at micro$oft
>> would do it just for "damage control".
>> (the patch would probably open ten new holes)
>> 	--Mike
>> ___________________________
>> Michael Lang    mlang at lanl.gov
>> Los Alamos    National Laboratory
>> ph:505-665-5756,     fax:665-5638
>> MS B256, Los Alamos, NM 87545

Paul L. Schmehl, pauls at utdallas.edu
Supervisor, Support Services
The University of Texas at Dallas
AVIEN Founding Member

