Re: Over three million computers 0wned?
From: Sean Donelan <sean () donelan com>
Date: Mon, 30 Jun 2003 03:59:02 -0400 (EDT)

On Sat, 28 Jun 2003, Etaoin Shrdlu wrote:
> Sheer, utter, mind-numbing nonsense. If it weren't for the tremendous
> amount of software out there that makes it EASY to take over machines (and
> I include every single default install of every single OS that enables
> anything more than port 22), if it weren't for the stunning array of folk

Heavy sigh. Unfortunately even that isn't good enough for some vendors.
Yep, believe it or not, at least one vendor managed to create a buffer
overflow in their IP stack which didn't require *ANY* ports to be open
on the victim. If it was connected to the network with an active IP
interface, that was enough. If you want complete network safety, you
want wire cutters. Then you just have to worry about the traditional
physical stuff like sneaker net, theft, etc.
The unanswered question is what should be considered reasonable? And
how much of a burden should the end-user carry?