The "Code Red" worm, currently exploding on the Internet courtesy of a hole in Microsoft's server software, is fascinating. I don't want to overhype it, but it's symptomatic of how fundamentally screwed-up Internet security is. Yes, I realize that Microsoft has issued a patch. But even if 95% of sites installed the patch, the remaining 5% represent enough firepower to organize a catastrophic DDoS attack. There are millions of sites out there, and scores of patches that they ought to be installing, and it's not surprising that vast numbers of sites, Microsoft and Sun and everything else, are full of known holes. I'm not saying a catastrophic attack is going to happen tomorrow, but day by day we're so close to the edge that it blows my mind. We have been rebuilding our whole civilization on top of a technology that is imploding before our eyes. The lights stay on only because none of the malicious hackers, or the 13-year-olds who use their scripts, feels like turning them off yet. What's wrong with us?

Thanks to the Internet reader who gathered most of these URLs.

"Code Red" Worm Set to Flood Internet
http://news.cnet.com/news/0-1003-200-6617292.html

This article opens as follows:

    An analysis of the fast-spreading "Code Red" computer worm reveals that
    infected computers are programmed to attack the White House Web site with
    a denial-of-service attack Thursday evening, potentially slowing parts of
    the Internet to a crawl. The worm has compromised more than 100,000
    English-language servers running Microsoft's Web server software as of
    late Thursday. In addition, each of those infected computers is expected
    to flood the Whitehouse.gov address with data starting at 5 p.m. PDT,
    according to an analysis by network-protection company eEye Digital
    Security.

That's right now. The White House Web site appears to be operational, however.
This article is more skeptical about the potential for damage, though impressed by the numbers:

More up-to-date CRW news, including updated infection estimates
http://www.newsfactor.com/perl/story/12154.html

Here are more technical analyses:

Original analysis of the "Code Red" worm from eEye
http://www.securityfocus.com/templates/archive.pike?list=1&start=2001-07-15&mid=197828&end=2001-07-21&fromthread=0&threads=0&

Updated analysis of CRW from eEye
http://www.securityfocus.com/templates/archive.pike?list=1&start=2001-07-15&mid=198068&end=2001-07-21&fromthread=0&threads=0&

SANS Incident diary for 18 July, with lots of statistics (the content at this URL may change; as of 19 July, 2350 GMT, it was still good)
http://www.incidents.org/diary/diary.php

Code Red Worm: Killed By Reboot
http://www.newsfactor.com/perl/story/12116.html

Various topics, including CRW:
http://www.eeye.com/~apps/modules/Forum/threads.asp?cat=t%2E0430%2E225832%2E446478&filter=90

An unrelated worm that is also spreading very fast right now
http://www.wired.com/news/infostructure/0,1377,45397,00.html
This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 17:44:03 PDT