[unisog] [dc-sage] Code Red mutated? (fwd)
Paul L Schmehl
pauls at utdallas.edu
Mon Aug 6 19:04:02 GMT 2001
I happen to know the Microsoft security folks personally, and I can assure
you that they care deeply and are working very hard to improve. But
they're fighting an uphill battle when their customers won't do their job.
For example, the ISAPI vulnerability that Code Red exploits was patched
almost a full month prior to the first infection. The relative path
exploit that the Code Red II worm uses to activate its trojan was patched
over a year ago.
If people won't run the patches and Service Packs in a timely manner, what
is MS supposed to do? Name a vendor other than Red Hat and Debian that has
made patches as easy as Windows Update makes them.
The problem is two-fold:
1) People with no ethics who have no qualms about breaking in to other
2) IR folks and individuals who, for whatever reason or excuse, won't
update their equipment.
The first isn't fixable. The second is.
--On Monday, August 06, 2001 10:46 AM -0700 Peter Van Epp <vanepp at sfu.ca>
> I expect the liability issues would be horrendous. What if your fixit
> worm screwed up with some particular configuration and destroyed the
> machine instead of fixing it? You can't be sure there isn't such a
> configuration with the breadth of systems out there. If you are
> Microsoft, you have deep sueable pockets and I expect are used to bad
> publicity about security because you get so much of it and apparently
> care so little: "iis the NT root kit posing as a web server" ...
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
>> Is there a point when it would just be easier to write the Red-fix worm?
>> Does patch by force ever make sense? You think someone at micro$oft
>> would do it just for "damage control".
>> (the patch would probably open ten new holes)
>> Michael Lang mlang at lanl.gov
>> Los Alamos National Laboratory
>> ph:505-665-5756, fax:665-5638
>> MS B256, Los Alamos, NM 87545
Paul L. Schmehl, pauls at utdallas.edu
Supervisor, Support Services
The University of Texas at Dallas
AVIEN Founding Member