RE: Large ISP response to Code Red?

From: Jonathan A. Zdziarski (jonathan.zdziarskiat_private)
Date: Tue Jul 31 2001 - 10:04:59 PDT

  • Next message: denis: "Re: Port 119 Scans"

    My 2 cents:
    
    Security is everyone's responsibility.  Microsoft needs to get on the ball
    and provide patches and workarounds much quicker than they have been.  It
    wouldn't surprise me to see a class action suit crop up after this last
    failure to take action.  ISPs [wrongly] trust the vendor to provide secure
    software.  The other side of the coin is ISPs need to adopt the clue that
    it's their responsibility to manage their own network.  Trusting your system
    to automatically update patches is going to do two things, 1) It's going to
    give you a false sense of security that the vendor is actually going to
    provide a patch to the security hole before it's exploited, and 2) Opens
    your network up to allow anyone controlling the update server to install
    code on your system (as was previously discussed in this thread).  I truly
    feel sorry for the networks that don't have the money to hire enough talent
    to work around the holes in their OS and software, as a community we need to
    write more FAQs to educate the poor folks...but I don't have very much pity
    for these large ISPs who forego spending the money because they think it's
    not financially justified.   If you're going to build a network you need to
    spend the extra $70-$100k to hire a decent security guy who will do his best
    to protect the network and keep things up-to-date.  Vendors are too lax, but
    if you get hacked after a vulnerability has been discovered and you didn't
    take action, it's the ISPs own fault.
    
    -----Original Message-----
    From: Kris Carlier [mailto:rootat_private]
    Sent: Tuesday, July 31, 2001 12:54 PM
    To: Mike Johnson
    Cc: incidentsat_private
    Subject: Re: Large ISP response to Code Red?
    
    
    > To me, this is the answer.  Server based systems usually have
    > plenty of bandwidth.  A different set of patches could be
    > offered for the desktop class systems (Win9x, Me, 2k Prof.)
    > that might be more bandwidth friendly and only applies to
    
    small detail, IIRC, one of the windowsupdate servers fell victim to the CR
    attack itself. So, here's a rethorical question: would you like your
    system to be automatically updated ? What if the machine you trust is
    infected ? Helluvaway to efficiently distribute a worm, no ?
    
    kr=
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Tue Jul 31 2001 - 10:57:07 PDT