Re: Full analysis of the .ida

From: mardy.hutchinsonat_private
Date: Fri Jul 20 2001 - 11:34:55 PDT


      This is hogwash.
    
      When Microsoft issued the bulletin, it was quite clear that it
    was to fix an Index Server problem.  
    
      Since we, among others, had not been running the Index Server because 
    of its historical security flaws, the patch did not appear to be
    required.  You don't blindly apply patches that have no apparent
    bearing on your system -- it may break other things.
    
      Surprise!  It was.
    
      This was truly a misleading security release.  In effect, there was
    no notification.  You can't expect harried sysadmins to read between 
    the lines.  Even Microsoft themselves did not feel the need to apply 
    the patch to some servers, probably for much the same reasons.
    
    -- Mardy
    
    
    
    
    
    > > This DOES raise some pretty fundamental questions about the security of
    > > all the infrastructure, because, in theory the compromised servers
    > > _could_ have been exploited more extensively and _could_ be delivering
    > > nastily compromised stuff around. I have no reason to believe it has
    > > happened, but still...
    > 
    > <soapbox>
    > I have to disagree.  Microsoft released a patch for this issue on 6/18/2001.
    > Here we are, a tad over a month later, and the issue is being exploited en
    > masse.  This calls into question the attention of systems administrators to
    > their networks.  The days of selective application of security patches are
    > long since over.  IMHO, systems affected by this recent outbreak are being
    > administered by techs that need to pay closer attention to their
    > installations and keeping them up to date.
    > 
    > As the world's reliance on computer systems continues to increase, it becomes
    > more and more imperative that people learn these are not simply toasters
    > that sit on the kitchen counter.  Regular maintenance and attention is
    > required and an irresponsible or ignorant attitude towards these things is
    > the true threat to the infrastructure.  The only security issue here is the
    > human element as always.  Microsoft has already come up with a tool that
    > automagically notifies users/admins of the need to update their system
    > within moments of a patch being released.  What should they do next --
    > auto-patch the systems for the user/admin to ensure the security of the
    > infrastructure?  Maybe the user/admin needs to learn about that toaster on
    > the countertop.
    > </soapbox>
    > 
    > James
    > 
    


