Re: Full analysis of the .ida "Code Red" worm.

From: JNJ (jnjat_private)
Date: Fri Jul 20 2001 - 05:52:07 PDT

    > This DOES raise some pretty fundamental questions about the security of
    > all the infrastructure, because, in theory the compromised servers
    > _could_ have been exploited more extensively and _could_ be delivering
    > nastily compromised stuff around. I have no reason to believe it has
    > happened, but still...
    
    <soapbox>
    I have to disagree.  Microsoft released a patch for this issue on 6/18/2001.
    Here we are, a tad over a month later, and the issue is being exploited en
    masse.  This calls into question the attention of systems administrators to
    their networks.  The days of selective application of security patches are
    long since over.  IMHO, systems affected by this recent outbreak are being
    administered by techs that need to pay closer attention to their
    installations and keeping them up to date.
    
    As the world's reliance on computer systems continues to increase, it becomes
    more and more imperative that people learn these are not simply toasters
    that sit on the kitchen counter.  Regular maintenance and attention are
    required and an irresponsible or ignorant attitude towards these things is
    the true threat to the infrastructure.  The only security issue here is the
    human element as always.  Microsoft has already come up with a tool that
    automagically notifies users/admins of the need to update their system
    within moments of a patch being released.  What should they do next --
    auto-patch the systems for the user/admin to ensure the security of the
    infrastructure?  Maybe the user/admin needs to learn about that toaster on
    the countertop.
    </soapbox>
    
    James
    



    This archive was generated by hypermail 2b30 : Fri Jul 20 2001 - 07:48:12 PDT