Full Disclosure mailing list archives
RE: Disney Down?
From: "Larry Seltzer" <larry () larryseltzer com>
Date: Wed, 17 Aug 2005 12:56:19 -0400
> you do realize that you are writing for the "Enterprise News & Reviews"
> magazine, eWeek - right?

Yeah. Online we get a little leeway on such things, and anyway it's beside the point of that statement, which was that none of the current attacks will directly infect Windows XP systems, including consumer systems, and therefore will not linger there. To illustrate the point, it's a long time now since the RPC/DCOM bug was patched and still there are lots of infected systems out there spitting Blaster at the world; how many do you think are in Fortune 500 companies as opposed to consumer systems?

> You also realize that MS05-039 affects the current "consumer" version of
> Microsoft Windows (aka Windows XP) - right?

The vulnerability does, but not any (to my knowledge, as of 12:something on Wednesday) of the exploits. It affects Windows XP differently than it does Windows 2000; with Windows XP SP1 it requires an authenticated user, with SP2 it requires an authenticated user with "log on locally" rights. This means that the worm will have to add something like a dictionary attack to look for weak user/password combinations. I don't disagree with what you say about security practices and the need to patch quickly. This attack came on very quickly and I think it reveals more about bad general security practices than slow patching practices.

> Any vulnerability that would allow for remote code execution and elevation
> of privilege should be treated as a top priority, from both internal and external attack vectors.

It's clear that large companies won't patch immediately without some testing, and I can respect that. The answer isn't that they should shut up and patch, it's that they should have effective layered security practices in place that would mitigate attacks such as this even without the patches. I shouldn't be surprised that there is so much bad security out in Fortune 500-land, but the answer to it is not to patch next-day. And I still think that the overall scale of this attack was exaggerated because it was media that was hit, and that the worm doesn't have long-term legs.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
Contributing Editor, PC Magazine
larryseltzer () ziffdavis com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
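The message above argues that on Windows XP the MS05-039 bug is only reachable by an authenticated user, so a worm would have to guess weak user/password pairs first, and that layered controls rather than next-day patching are the realistic defense. One such layer is spotting the burst of failed logons that password guessing leaves behind. The following is an added example, not code from the original post or from any product it mentions; the log format, the LOGON_FAILED/LOGON_OK event names, the sample lines and the threshold are all constructed for illustration.

```python
"""Flag source hosts that produce a burst of failed logons within a short
window, the trace a password-guessing worm would leave on a host that
demands an authenticated user before the vulnerable service can be reached.
Log format, event names and sample lines are constructed for this example."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<date> <time> <event> user=<name> src=<host>"
SAMPLE_LOG = """\
2005-08-17 12:40:01 LOGON_FAILED user=administrator src=10.0.0.7
2005-08-17 12:40:02 LOGON_FAILED user=admin src=10.0.0.7
2005-08-17 12:40:02 LOGON_FAILED user=guest src=10.0.0.7
2005-08-17 12:40:03 LOGON_FAILED user=test src=10.0.0.7
2005-08-17 12:40:04 LOGON_FAILED user=user src=10.0.0.7
2005-08-17 12:40:05 LOGON_FAILED user=backup src=10.0.0.7
2005-08-17 12:41:10 LOGON_FAILED user=jsmith src=10.0.0.22
2005-08-17 12:55:30 LOGON_FAILED user=jsmith src=10.0.0.22
2005-08-17 12:55:31 LOGON_OK user=jsmith src=10.0.0.22
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, event, user, src)."""
    date, time, event, user_kv, src_kv = line.split()
    ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
    return ts, event, user_kv.split("=", 1)[1], src_kv.split("=", 1)[1]


def find_guessing_sources(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {src: {"failures": n, "distinct_users": m}} for every source
    whose densest run of failed logons inside `window` reaches `threshold`.
    A user who mistypes a password twice in fifteen minutes is not flagged;
    six different account names tried in four seconds is."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event, user, src = parse_line(line)
        if event == "LOGON_FAILED":
            failures[src].append((ts, user))

    flagged = {}
    for src, events in failures.items():
        events.sort()
        best_count, best_range = 0, (0, 0)
        start = 0
        # Sliding window over the time-sorted failures for this source.
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            count = end - start + 1
            if count > best_count:
                best_count, best_range = count, (start, end)
        if best_count >= threshold:
            lo, hi = best_range
            users = {u for _, u in events[lo:hi + 1]}
            flagged[src] = {"failures": best_count, "distinct_users": len(users)}
    return flagged


if __name__ == "__main__":
    for src, info in find_guessing_sources(SAMPLE_LOG).items():
        print(f"{src}: {info['failures']} failed logons, "
              f"{info['distinct_users']} distinct account names")
```

The distinct-user count is the useful discriminator: a legitimate user locked out of one account produces many failures against a single name, while guessing cycles through many names from one source. Tune the threshold and window to the logon volume of the environment before acting on the output.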