RE: [ISN] Microsoft takes heat for Code Red

From: InfoSec News (isnat_private)
Date: Tue Aug 07 2001 - 03:07:33 PDT

  • Next message: InfoSec News: "[ISN] Linux Security Week - August 6th 2001"

    Forwarded by: John Q. Public <tpublicat_private>
    If you remember about a year ago, though, UNIX was supposedly on it's
    death bed due to the number of BIND bugs.  According to some sicko
    journalist, that is.
    It's all classic finger pointing when the topic of the day stretches
    into a few days, or someone actually tries to do some research and
    finds out it is a recurring problem.
    It is simply easier to pick on microsoft because they seem to have
    consistant simultaneous recurring problems.
    On Mon, 6 Aug 2001, InfoSec News wrote:
    |Forwarded by: Michael Huntley <michaelat_private>
    |I'm not surprised at the M$ bashing, but I must take note that BIND
    |has had several vulnerabilities, and users of BIND have suffered from
    |those vulnerabilities as much as NT users of IIS.  Frankly, if the
    |users of NT had applied the patch that came out on June 18th this
    |would not be an issue, much like the problems that persisted after
    |holes were found in BIND 8.2.2-p5 and before.
    |As an administrator for several types of machines testing and applying
    |patches is a way-of-life.  It doesn't matter to me whether the systems
    |are NT or RedHat Linux.  Seems to me, IMHO, the bashing should be on
    |the administrators of the machines, not M$, merely for the fact the
    |patch was out a full month prior to the mass infection.
    |My 2 cents.
    |Michael Huntley
    |-----Original Message-----
    |From: owner-isnat_private [mailto:owner-isnat_private]On Behalf Of
    |InfoSec News
    |Sent: Wednesday, August 01, 2001 2:47 AM
    |To: isnat_private
    |Subject: [ISN] Microsoft takes heat for Code Red
    |By Ian Fried and David Becker
    |Staff Writers, CNET
    |July 31, 2001, 12:25 p.m. PT
    |While network administrators wait and prepare for another round of
    |attacks from the Code Red worm, Microsoft is drawing much of the blame
    |for the pernicious infection.
    |Once again, security experts say the speed and stability of the
    |Internet is at risk because of Code Red, a malicious worm that takes
    |advantage of a hole in Microsoft's Internet Information Server (IIS)
    |Web server software. The worm infected more than 300,000 servers and
    |attacked the White House Web site last month before going into
    ISN is currently hosted by
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Tue Aug 07 2001 - 05:20:50 PDT