Re: [ISN] Internet Attack's Disruptions More Serious Than Many Thought Possible

From: InfoSec News (isnat_private)
Date: Wed Jan 29 2003 - 00:38:04 PST


    Forwarded from: H C <keydet89at_private>
    
    I'm concerned that the wrong impression is being given w/ articles
    like this.
    
    I understand that the AP's readership is much, much broader than SF's,
    but I don't see that as an excuse for describing a worm attack as
    "virus-like".  Perhaps a better idea than an incorrect analogy would
    be to actually put a brief statement in regarding the differences
    between a virus and a worm.  After all, the security people here have
    to deal w/ both users and managers who now have this misconception, on
    top of an already weak understanding of security in general.
    
    Confusion on terminology is only going to weaken consumer confidence
    at large.  Why not arm the consumer with correct information, rather
    than muddling the issue w/ incorrect data?
    
    Regarding the disclosure issue...MS released/disclosed a patch on 24
    July 02...a fact conveniently missing from the article.  Rather than
    an issue of how much is too much to disclose, why not address the real
    issue...the products in question should never have been exposed to the
    Internet.  The issue was only an exploitable vulnerability if it could
    be executed...and as yet, there hasn't been a valid business case
    presented for exposing that port for that application to the Internet.
    
    While Mr. Bridis did state later in his article that congestion was an
    issue, his early statements regarding corporate and gov't systems
    (banking, 911, etc) do not clearly state whether the inability to
    reach the systems described was due to infection of those systems by
    the worm, or was due to the resulting congestion on the 'Net.  The way
    the article states these issues, there seems to be confusion.  
    Several folks I've spoken with came away from reading this article w/
    the understanding that the systems were infected by the worm.
    
    
    --- InfoSec News <isnat_private> wrote:
    > http://ap.tbo.com/ap/breaking/MGAPX0P2HBD.html
    > 
    > By Ted Bridis 
    > Associated Press Writer 
    > Jan 27, 2003
    > 
    > WASHINGTON (AP) - The weekend attack on the Internet crippled some
    > sensitive corporate and government systems, including banking
    > operations and 911 centers, far more seriously than many experts
    > believed possible.
    > 
    > The nation's largest residential mortgage firm, Countrywide
    > Financial Corp., told customers who called Monday it was still
    > suffering from the attack. Its Web site, where customers usually can
    > make payments and check their loans, was closed with a note about
    > "emergency maintenance."
    > 
    > Police and fire dispatchers outside Seattle resorted to paper and
    > pencil for hours Saturday after the virus-like attack disrupted
    > operations for the 911 center that serves two suburban police
    > departments and at least 14 fire departments.
    > 
    > American Express Co. confirmed that customers couldn't reach its Web
    > site to check credit statements and account balances during parts of
    > the weekend. Perhaps most surprising, the attack prevented many
    > customers of Bank of America Corp., one of the largest U.S. banks,
    > and some large Canadian banks from withdrawing money from automatic
    > teller machines Saturday.
    > 
    > President Bush's No. 2 cyber-security adviser, Howard Schmidt,
    > acknowledged Monday that what he called "collateral damage" stunned
    > even experts who have warned about uncertain effects on the nation's
    > most important electronic systems from mass-scale Internet
    > disruptions.
    > 
    > "One would not have expected a request for bandwidth would have
    > affected the ATM network," Schmidt said. "This is one of the things
    > we've been talking about for a long time, getting a handle on
    > interdependencies and cascading effects."
    
    [...]
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    



    This archive was generated by hypermail 2b30 : Wed Jan 29 2003 - 02:46:35 PST