Forwarded from: B.K. DeLong <bkdelongat_private>

[Edited only so subscribers' content filters won't throw a sh*tfit over a few select words. :) - WK]

At 02:38 AM 1/29/2003 -0600, you wrote:
> Forwarded from: H C <keydet89at_private>
>
> I'm concerned that the wrong impression is being given w/ articles
> like this.

I don't normally respond to posts on ISN but frankly, I think you're
going overboard.

> I understand that the AP's readership is much, much broader than
> SF's, but I don't see that as an excuse for describing a worm attack
> as "virus-like". Perhaps a better idea than an incorrect analogy
> would be to actually put a brief statement in regarding the
> differences between a virus and a worm. After all, the security
> people here have to deal w/ both users and managers who now have
> this misconception, on top of an already weak understanding of
> security in general.

In the 8th Grade, I did a science fair project on computer viruses. I
included in that category trojan horses and worms. Granted, I was
programming viruses on my Apple IIe in BASIC... but things haven't
changed too much.

In my opinion, the rate at which the Slammer worm spread could be
described as "viral", similarly to the rate of a "viral" marketing
campaign or a "viral" epidemic. The fact that Slammer has all the
characteristics of a worm just allows the security community to
pigeon-hole it a little more than the general "virus" descriptor.

> Confusion on terminology is only going to weaken consumer confidence
> at large. Why not arm the consumer with correct information, rather
> than muddling the issue w/ incorrect data?

Consumer confidence? You think consumers would have more confidence in
Microsoft and companies running software using MS SQL if Slammer had
been described as a worm instead of a virus?! What, are you an MS
investor or something?

> Regarding the disclosure issue...MS released/disclosed a patch on 24
> July 02...a fact conveniently missing from the article. Rather than
> an issue of how much is too much to disclose, why not address the
> real issue...the products in question should never have been exposed
> to the Internet. The issue was only an exploitable vulnerability if
> it could be executed...and as yet, there hasn't been a valid
> business case presented for exposing that port for that application
> to the Internet.

Regardless of MS's earlier disclosure of the bug and subsequent patch
release, they sure did a crappy job at making sure customers KNEW about
the hole, and so did the companies that have the software integrated
into their products (see
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0045.html).
When you're MS, fixing the bug is only part of the solution - you need
to make extra effort to get the word out as a part of PROactive security
and not the result of reactive damage control for a major worm outbreak.

> While Mr. Bridis did state later in his article that congestion was
> an issue, his early statements regarding corporate and gov't systems
> (banking, 911, etc) do not clearly state whether the inability to
> reach the systems described was due to infection of those systems by
> the worm, or was due to the resulting congestion on the 'Net. The
> way the article states these issues, there seems to be confusion.
> Several folks I've spoken with came away from reading this article
> w/ the understanding that the systems were infected by the worm.

OK, I will concede that such a clarification may have been useful;
however, regardless of WHY said servers were unreachable... they were
still unreachable. Which goes to show that while you can have your sh*t
together, on the Internet it only takes a handful of your larger
neighbors with outdated, insecure systems to f*ck up the whole net.

The AP has a worldwide audience, a majority of which is your average,
newspaper-reading joe. Bridis' article (which doesn't need my defense
as it stands very well on its own) was perfectly legitimate when it
used "virus-like" to describe the Slammer worm, whose effects raced
around the Internet at the speed of a viral epidemic. Instead of
nitpicking on Bridis' article, may I suggest you go after the rest of
the reporters who have no clue what they're writing about. Ted has
consistently written, and continues to write, articles that cover
technology issues better than anyone else whose audience is the general
public.

-- 
B.K. DeLong
bkdelongat_private
617.877.3271

http://ocw.mit.edu                       Work.
http://www.brain-stream.com              Play.
http://www.the-leaky-cauldron.org        Potter.
http://www.attrition.org                 Security.

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Jan 30 2003 - 03:24:03 PST