Re: Was RE: disinfection tool -- now a minor rant.

From: H C (keydet89at_private)
Date: Mon Aug 06 2001 - 13:52:20 PDT


> Mr. Ng speaks of "ignorant Sysadmins" and wanting to "get the idiots
> to listen."

From the beginning, I thought this was the whole point of the Code Red
worm.  Given how "noisy" the worm is, and given that CRv1 and 2 weren't
all that destructive (CRII seems to be an escalation...sort of, "I
already told what I could do...now I'm going to do it."), it seems that
CR is someone's idea for forcing admins to install the patch.  After
all, the vector leads to a system-level compromise.  Look at it like a
vaccine...give the patient a small dose of the largely inert 'virus' so
that the system develops an immunity.

> A lot of people, me included, can't understand why professional
> admins don't update their systems.

Nor do I understand.

> ...and they don't understand why the "bad guys" want to get into
> their systems.
>
> What needs to be done is for people like us to educate those business
> owners.

After years of hearing this, I would love to hear a viable way of doing
this.  I've heard a variety of techniques for educating business owners
on risk, from showing how it would impact their business, to making it
a business issue, to showing how a lack of security can impact the
bottom line.  I'm to the point of believing that the business owners
already know...they just like the idea of someone kissing their arses
and begging for money.

Amongst security-sensitive folks like us, if a vulnerability can be
found to easily lead to a root compromise, it'll be fixed and patched
most rikky-tik.  In the real world, unless there is actually a working
exploit that is currently being used by the kiddies, the business types
generally don't listen.

> Contact your local paper or radio station and talk to the news
> director.  Do an interview, be an expert.

There have to be trade-offs with this.  After all, there are already
'experts' talking to the media, which in turn generates FUD.  Say the
wrong thing and/or get quoted out of context, and you risk ending up on
a site like Attrition in a less-than-favorable light.  The problem with
the media is that if you're not sensational enough, you don't get
interviewed.  That's why JP of AntiOnline got more press with regards
to "profiling" than the folks who do it professionally.

> Create a "hit squad" of local sysadmins and offer to take phone calls
> from business owners.  Create a Code RED fix on CD (maybe include SP6
> and all post SP6 fixes including the IIS fixes on CD with an
> automated QChain script)

Perhaps this is where Mr. Ng's complaint comes from...the very fact
that one group has to take the time to rescue another group from
themselves, when we all have access to the same resources.  So someone
invests a significant amount of intellectual property to make someone
else's job easier...for what?

> But, quit complaining about "stupid, ignorant sysadmins" and the
> "idiots" and do something to help the situation.

Well, I think the reason Bruce Schneier recently decided to start
pushing monitoring over preparation (and this is speculation on my
part) is b/c he got tired of trying to push the idea of planning ahead,
configuring systems, and installing patches.  No one seems to want to
do it.  Look how many systems got hit by the sadmind/IIS worm...and the
IIS side of it had been patched for 7 or 8 months.
    
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 14:30:50 PDT