Re: [ISN] Internet Attack's Disruptions More Serious Than Many

From: InfoSec News (isnat_private)
Date: Thu Jan 30 2003 - 22:35:37 PST

  • Next message: InfoSec News: "[ISN] Slammer Worm: A Blow to Remote Storage?"

    Forwarded from: Aj Effin Reznor <ajat_private>
    "InfoSec News was known to say....."
    > Regarding the disclosure issue...MS released/disclosed a patch on 24
    > July 02...a fact conveniently missing from the article.  Rather than
    > an issue of how much is too much to disclose, why not address the
    > real issue...the products in question should never have been exposed
    > to the Internet.  The issue was only an exploitable vulnerability if
    > it could be executed...and as yet, there hasn't been a valid
    > business case presented for exposing that port for that application
    > to the Internet.
    Without questioning the integrity of the original article (one could
    bore the ISN subscribership with that in an entirely different email),
    perhaps we should point out that some patches, particularly SQL ones,
    are "difficult" to apply.  Or, may be applied but not "take effect",
    not even after a reboot.
    Here's an idea.  Stop writing code that allows this to happen, rather
    than issuing a patch after the fact?
    In a day when "good code" equates to "compiles without errors", what
    can we expect from computed attempts to be trustworthy.  That this
    appeared the day after Gates' spam on secured computing is coincidal
    at best, but still beautiful.
    As for exposing the affected port to the internet, so what, who cares,
    etc.  I'm all for running the smallest amount of services possible,
    and also for good neighbor-ism on the net, but if someone wants or, by
    their own questionable biz model, "needs" to expose a port, they
    should be able to do so.  I'm no more going to tell people what they
    cannot do than accept being told what I cannot do.  If they
    want/"need" to expose ports, they should be able to do so **safely**.  
    Ask MS why they can't do it safely rather than demanding a valid
    reason why the given port was exposed at all.
    Just like parents today, chasing down every societal ill rather than
    just raising their children properly (like the Drunk Dude that was
    upset that his children had to read my F*CK REDHAT shirt at a
    restaurant the other night).  Don't worry about the port, worry about
    the poorly coded app that can't be hung out in the wind.
    ISN is currently hosted by
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Fri Jan 31 2003 - 01:33:01 PST