This email struck a nerve in me. Mr. Ng speaks of "ignorant Sysadmins" and wanting to "get the idiots to listen."

A lot of people, me included, can't understand why professional admins don't update their systems. What many of us forget, though, is that NT4 is being used by millions of small businesses who do not have professional admins and don't have a clue what IIS4 is and why it needs to be patched. Yet, they are connected with DSL (Cisco 675 modems that are failing) or fractional T1s and they don't understand why the "bad guys" want to get into their systems.

What needs to be done is for people like us to educate those business owners. Contact your local paper or radio station and talk to the news director. Do an interview, be an expert. Create a "hit squad" of local sysadmins and offer to take phone calls from business owners. Create a Code RED fix on CD (maybe include SP6 and all post SP6 fixes including the IIS fixes on CD with an automated QChain script).

But, quit complaining about "stupid, ignorant sysadmins" and the "idiots" and do something to help the situation. Most of us were not smart sysadmins to begin with........

-----Original Message-----
From: Mark Ng [mailto:marknat_private]
Sent: Monday, August 06, 2001 5:20 AM
To: incidentsat_private
Subject: RE: disinfection tool

Perhaps a very controversial viewpoint is using the backdoor installed by the copycat code red worm to patch these systems. The majority of sysadmins who by now haven't patched (or unmapped the script mappings from) their systems are mostly ignorant anyway. Perhaps a couple of honeypot systems built to automatically connect back, patch and reboot. The only issue that creates is the problem of transparent proxies. Not sure how you'd solve that one.

This may eventually be the only way of actually getting rid of code red completely. If we live in an ideal world, we'd eventually get the idiots to listen. However, I find that unlikely.

Mark

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 13:11:40 PDT