Re: [ISN] Internet Attack's Disruptions More Serious Than Many Thought Possible

From: InfoSec News (isnat_private)
Date: Thu Jan 30 2003 - 00:59:51 PST


    Forwarded from: B.K. DeLong <bkdelongat_private>
    
    [Edited only so subscribers' content filters won't throw a sh*tfit over 
    a few select words. :)  - WK]
    
    
    At 02:38 AM 1/29/2003 -0600, you wrote:
    > Forwarded from: H C <keydet89at_private>
    >
    > I'm concerned that the wrong impression is being given w/ articles
    > like this.
    
    I don't normally respond to posts on ISN but frankly, I think you're going 
    overboard.
    
    > I understand that the AP's readership is much, much broader than
    > SF's, but I don't see that as an excuse for describing a worm attack
    > as "virus-like".  Perhaps a better idea than an incorrect analogy
    > would be to actually put a brief statement in regarding the
    > differences between a virus and a worm.  After all, the security
    > people here have to deal w/ both users and managers who now have
    > this misconception, on top of an already weak understanding of
    > security in general.
    
    In the 8th Grade, I did a science fair project on computer viruses. I
    included in that category trojan horses and worms. Granted I was
    programming viruses on my Apple IIe in BASIC....but things haven't
    changed too much.
    
    In my opinion, the rate at which the Slammer worm spread could be
    described as "viral" similarly to the rate of a "viral" marketing
    campaign or a "viral" epidemic. The fact that Slammer has all the
    characteristics of a worm just allows the security community to
    pigeon-hole it a little more than the general "virus" descriptor.
    
    > Confusion on terminology is only going to weaken consumer confidence
    > at large.  Why not arm the consumer with correct information, rather
    > than muddling the issue w/ incorrect data?
    
    Consumer Confidence? You think consumers would have more confidence in
    Microsoft and companies running software using MS SQL if Slammer had
    been described as a worm instead of a virus?! What, are you an MS
    investor or something?
    
    > Regarding the disclosure issue...MS released/disclosed a patch on 24
    > July 02...a fact conveniently missing from the article.  Rather than
    > an issue of how much is too much to disclose, why not address the
    > real issue...the products in question should never have been exposed
    > to the Internet.  The issue was only an exploitable vulnerability if
    > it could be executed...and as yet, there hasn't been a valid
    > business case presented for exposing that port for that application
    > to the Internet.
    
    Regardless of MS's earlier disclosure of the bug and subsequent patch
    release, they sure did a crappy job at making sure customers KNEW
    about the hole and so did the companies that have the software
    integrated into their products
    (see http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0045.html).
    
    When you're MS, fixing the bug is only part of the solution - you need
    to make extra effort to get the word out as a part of PROactive
    security and not the result of reactive damage control for a major
    worm outbreak.
    
    > While Mr. Bridis did state later in his article that congestion was
    > an issue, his early statements regarding corporate and gov't systems
    > (banking, 911, etc) do not clearly state whether the inability to
    > reach the systems described was due to infection of those systems by
    > the worm, or was due to the resulting congestion on the 'Net.  The
    > way the article states these issues, there seems to be confusion.
    > Several folks I've spoken with came away from reading this article
    > w/ the understanding that the systems were infected by the worm.
    
    OK, I will concede that such a clarification may have been useful;
    however, regardless of WHY said servers were unreachable....they were
    still unreachable. Which goes to show that while you can have your
    sh*t together but on the Internet, it only takes a handful of your
    larger neighbors with outdated, insecure systems to f*ck up the whole
    net.
    
    The AP has a worldwide audience, a majority of which is your average,
    newspaper-reading joe. Bridis' article (which doesn't need my defense
    as it stands very well on its own) was perfectly legitimate when it
    used "virus-like" to describe the Slammer worm whose effects raced
    around the Internet at the speed of a viral epidemic.
    
    Instead of nitpicking on Bridis' article, may I suggest you go after
    the rest of the reporters who have no clue what they're writing about.
    Ted has consistently and continues to write articles that cover
    technology issues better than anyone else whose audience is the
    general public.
    
    --
    B.K. DeLong
    bkdelongat_private
    617.877.3271
    
    http://ocw.mit.edu                        Work.
    http://www.brain-stream.com               Play.
    http://www.the-leaky-cauldron.org        Potter.
    http://www.attrition.org                       Security.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    



    This archive was generated by hypermail 2b30 : Thu Jan 30 2003 - 03:24:03 PST