Re: [ISN] Internet Attack's Disruptions More Serious Than Many

From: InfoSec News (isnat_private)
Date: Thu Jan 30 2003 - 22:35:37 PST

    Forwarded from: Aj Effin Reznor <ajat_private>
    
    "InfoSec News was known to say....."
    
    > Regarding the disclosure issue...MS released/disclosed a patch on 24
    > July 02...a fact conveniently missing from the article.  Rather than
    > an issue of how much is too much to disclose, why not address the
    > real issue...the products in question should never have been exposed
    > to the Internet.  The issue was only an exploitable vulnerability if
    > it could be executed...and as yet, there hasn't been a valid
    > business case presented for exposing that port for that application
    > to the Internet.
    
    Without questioning the integrity of the original article (one could
    bore the ISN subscribership with that in an entirely different email),
    perhaps we should point out that some patches, particularly SQL ones,
    are "difficult" to apply.  Or, may be applied but not "take effect",
    not even after a reboot.
    
    Here's an idea.  Stop writing code that allows this to happen, rather
    than issuing a patch after the fact?
    
    In a day when "good code" equates to "compiles without errors", what
    can we expect from computed attempts to be trustworthy?  That this
    appeared the day after Gates' spam on secured computing is coincidental
    at best, but still beautiful.
    
    As for exposing the affected port to the internet, so what, who cares,
    etc.  I'm all for running the smallest amount of services possible,
    and also for good neighbor-ism on the net, but if someone wants or, by
    their own questionable biz model, "needs" to expose a port, they
    should be able to do so.  I'm no more going to tell people what they
    cannot do than accept being told what I cannot do.  If they
    want/"need" to expose ports, they should be able to do so **safely**.  
    Ask MS why they can't do it safely rather than demanding a valid
    reason why the given port was exposed at all.
    
    Just like parents today, chasing down every societal ill rather than
    just raising their children properly (like the Drunk Dude that was
    upset that his children had to read my F*CK REDHAT shirt at a
    restaurant the other night).  Don't worry about the port, worry about
    the poorly coded app that can't be hung out in the wind.
    
    
    -aj.
    
    
    
    -
    ISN is currently hosted by Attrition.org