Re: [ISN] The Code Red hype Hall of Shame

From: InfoSec News (isnat_private)
Date: Fri Aug 10 2001 - 23:39:38 PDT

  • Next message: InfoSec News: "[ISN] Linux Advisory Watch - August 10th 2001"

    Forwarded from: Dan Verton <Dan_Vertonat_private>
    
    Greene Writes:
    
    We're still at a loss to explain how eEye Digital Security, which
    discovered and publicized the .ida hole that Code Red and Code Red
    Junior exploit, has managed to escape questioning by the press for its
    part in the whole fiasco. Indeed, their role is tantamount to a
    pharmaceutical company unintentionally releasing a disease germ.
    
    I throw this out as an FYI... I raised the issue as far back as July
    20 and when I was done I felt like a mailman who had just walked into
    a yard full of rabid dogs.
    
    Story is here and was one of the early ones.
    "Security experts question release of Code Red worm's exploit data"
    http://www.computerworld.com/storyba/0,4125,NAV47_STO62453,00.html
    
    Unfortunately, the commentators who comment on the commentators, don't
    always get it either. The truth, like politics, is local. Perceptions
    are reality and most perceptions differ greatly. Like the sys admin
    who had to spend 30 hours cleaning up his system in the aftermath of
    Code Red because he did'nt have the patch installed. But he was warned
    like the rest of them. Unfortunately, he probably thought it was all
    just more FUD. He, like hundreds of thousands of others, was wrong.
    
    Dan Verton
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Sat Aug 11 2001 - 01:47:27 PDT