RE: Large ISP response to Code Red?

From: Jonathan A. Zdziarski (jonathan.zdziarski@micromuse.com)
Date: 07/31/01


From: "Jonathan A. Zdziarski" <jonathan.zdziarski@micromuse.com>
To: <kris@iguana.be>, "Mike Johnson" <mikej@opennms.org>
Subject: RE: Large ISP response to Code Red?
Date: Tue, 31 Jul 2001 13:04:59 -0400
Message-ID: <COEPIIFFJPONEJNLHKOEAEADCCAA.jonathan.zdziarski@micromuse.com>

My 2 cents:

Security is everyone's responsibility. Microsoft needs to get on the ball
and provide patches and workarounds much quicker than they have been. It
wouldn't surprise me to see a class action suit crop up after this last
failure to take action. ISPs [wrongly] trust the vendor to provide secure
software. The other side of the coin is ISPs need to adopt the clue that
it's their responsibility to manage their own network. Trusting your system
to automatically update patches is going to do two things, 1) It's going to
give you a false sense of security that the vendor is actually going to
provide a patch to the security hole before it's exploited, and 2) Opens
your network up to allow anyone controlling the update server to install
code on your system (as was previously discussed in this thread). I truly
feel sorry for the networks that don't have the money to hire enough talent
to work around the holes in their OS and software, as a community we need to
write more FAQs to educate the poor folks...but I don't have very much pity
for these large ISPs who forego spending the money because they think it's
not financially justified. If you're going to build a network you need to
spend the extra $70-$100k to hire a decent security guy who will do his best
to protect the network and keep things up-to-date. Vendors are too lax, but
if you get hacked after a vulnerability has been discovered and you didn't
take action, it's the ISP's own fault.

-----Original Message-----
From: Kris Carlier [mailto:root@iguana.be]
Sent: Tuesday, July 31, 2001 12:54 PM
To: Mike Johnson
Cc: incidents@securityfocus.com
Subject: Re: Large ISP response to Code Red?

> To me, this is the answer. Server based systems usually have
> plenty of bandwidth. A different set of patches could be
> offered for the desktop class systems (Win9x, Me, 2k Prof.)
> that might be more bandwidth friendly and only applies to

small detail, IIRC, one of the windowsupdate servers fell victim to the CR
attack itself. So, here's a rhetorical question: would you like your
system to be automatically updated? What if the machine you trust is
infected? Helluvaway to efficiently distribute a worm, no?

kr=

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com



