My 2 cents: Security is everyone's responsibility. Microsoft needs to get on the ball and provide patches and workarounds much quicker than they have been. It wouldn't surprise me to see a class action suit crop up after this last failure to take action. ISPs [wrongly] trust the vendor to provide secure software. The other side of the coin is ISPs need to adopt the clue that it's their responsibility to manage their own network. Trusting your system to automatically update patches is going to do two things, 1) It's going to give you a false sense of security that the vendor is actually going to provide a patch to the security hole before it's exploited, and 2) Opens your network up to allow anyone controlling the update server to install code on your system (as was previously discussed in this thread). I truly feel sorry for the networks that don't have the money to hire enough talent to work around the holes in their OS and software, as a community we need to write more FAQs to educate the poor folks...but I don't have very much pity for these large ISPs who forego spending the money because they think it's not financially justified. If you're going to build a network you need to spend the extra $70-$100k to hire a decent security guy who will do his best to protect the network and keep things up-to-date. Vendors are too lax, but if you get hacked after a vulnerability has been discovered and you didn't take action, it's the ISPs own fault. -----Original Message----- From: Kris Carlier [mailto:rootat_private] Sent: Tuesday, July 31, 2001 12:54 PM To: Mike Johnson Cc: incidentsat_private Subject: Re: Large ISP response to Code Red? > To me, this is the answer. Server based systems usually have > plenty of bandwidth. A different set of patches could be > offered for the desktop class systems (Win9x, Me, 2k Prof.) > that might be more bandwidth friendly and only applies to small detail, IIRC, one of the windowsupdate servers fell victim to the CR attack itself. So, here's a rethorical question: would you like your system to be automatically updated ? What if the machine you trust is infected ? Helluvaway to efficiently distribute a worm, no ? kr= ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jul 31 2001 - 10:57:07 PDT