Re: DDOS attack Microsoft
From: Max Burke (mlvburke_at_%$%#@.nz)
Date: Tue, 16 Sep 2003 18:07:02 +1200
> Craig A. Finseth scribbled:
>> Mike Byrns wrote:
>>>> Wasn't the Worm as devised by RTM the first of it's kind, and
>>>> didn't it exploit weaknesses in *nix, including the GNU Emacs
>>>> buffer overflow?
>>> The exploits were:
>>> - It took advantage of a publicized, hard-wired back door left in
>> So how come this backdoor was written into sendmail in the first
>> place? I
> It was a debug mode.
>> thought only Microsoft products had backdoors. :-) If it was so well
>> publicized, why didn't more UNIX admins patch reconfigure it to
>> "close the door" so to speak? Do you see any parallels between this
>> and your Microsoft
> This worm was released in 1987. It was a different world then, one in
> which protecting yourself against the net was simply not a big
Like so many OSS/Linux users/advocates claim today? That it's not a
concern for them to protect themselves from viruses, because they're
> As a point of fact, this worm marked the turning point after which
> people had to start protecting themselves against the network. It
> was a sad day, indeed.
>> vulnerability of the week? I mean, look, 1) it was put there on
>> purpose 2) everyone supposedly knew about it 3) nobody did squat to
>> protect themselves
> There was no reason to protect ourselves at the time.
Just like so many OSS/Linux user claim today because they're using *nix?
>> 4) it spread like wildfire or prehaps more accurately *ahem* code
>> red ;-)
> It was impressive, indeed.
>>> - It took advantage of a buffer overflow in the finger daemon.
>> So how come such a simple daemon, with so few lines of source code,
>> that had been around so long, with so many, many eyes making all
>> bugs shallow, could contain a travesty such as gets(line); rather
>> than fgets(line, sizeof(line), stdin);?
> Same reason as above: no one had gone around looking for these things
> because no one had a reason to.
I guess that's why so many OSS/Linux users like to say *nix is
inherently secure because it's *nix..... Why look for things that cant
possibly be there....
> Also, this was _before_ the open source movement go to Unix. For
> example, even though I was a Unix admin (along with other things), I
> did not have legal access to any Unix source code. The same applied
> to many others.
> If you're going to bring up historical issues, you need to analyze
> them in the context of the day.
So lets stick with today's reality's in the OSS/Linux world......
FYI (repost YET AGAIN....)
Just some of last weeks bugs and flaws in OSS/*nix.
Linux and the virus/worm risk:
-- mlvburke@#%&*.net.nz Replace the obvious with paradise to email me. See Found Images at: http://homepages.paradise.net.nz/~mlvburke