Re: Apache / mod_ssl: friend or foe?

From: Richard Steven Hack (richardhack@SPAMHELLNOznet.com)
Date: 09/24/02


From: Richard Steven Hack <richardhack@SPAMHELLNOznet.com>
Date: Mon, 23 Sep 2002 16:19:11 -0700

On Mon, 23 Sep 2002 11:25:04 -0700, "Robert Connor"
<rc3NO@SPAMPLEASEhotmail.com> wrote:

>In all fairness the specific exploit Alan was suggesting is one that already
>gives root access to anyone who wants it.

And the exploit was closed within days of its being located, and when
the worm started, it was shut down within a week by the affected
admins patching what they should have patched a month ago, after being
alerted by private security companies that did what the NSA would have
done - penetrate the worm's P2P network, trace the infected systems
and alert the admins.

I don't see how the NSA could have reacted any faster except by having
full admin privileges AND surveillance on all possibly affected
systems. It just isn't feasible. And the NSA would likely have
broken a lot of systems mis-applying the patches. I think the local
sys admins, however clueless they may be about applying patches, still
know their local systems better than the NSA could and should thus be
primarily responsible for responding to these sorts of situations.

Now one could argue, I suppose, that if the NSA had been immediately
informed of the worm, it could have done what F-Secure did and
immediately penetrate the worm's P2P network, trace the infected
systems and patch them remotely. For this attack, that might have
worked. But I doubt they would have been significantly more successful at
this than F-Secure was in fact. And it still presupposes that the NSA
would have had to have had root access to all POSSIBLE infectable
systems.

Supposedly Microsoft systems have an NSA backdoor in them already, so
I suppose the concept is already clear up in Redmond... I really
doubt anybody would go along with it unless it were Federal law.

Now, you COULD argue that there should be a more coherent incident
response network so that ALL sys admins would be immediately alerted
when an incident occurs with full details of the detected exploit so
that they can check their systems for the reported intrusion. That
might be feasible. Sort of like the Emergency Broadcast system, but
delivered over the Net (what happens if the Net is so affected you
can't deliver it??) and anyone with a system on the Net has to
subscribe, or something...

-- 
The Master

"Whatever does not kill me makes me stronger" - and YOU have not killed me!
