Evans, Timothy R (BearingPoint) wrote:
>
> I know of several organizations in the Washington / NoVa / MD area that were
> affected - the MD Motor Vehicle Administration was offline for quite some
> time, for example.
>
> Sadly - too many people, many who should know better, assumed that as long
> as the "edge" was secured then all was good. Unfortunately it only takes
> one laptop (for ex) to break that theory :).

Makes me wonder about people's security policies. Bringing in a laptop that isn't running software approved by IT shouldn't be allowed. This software should include patched OSs, anti-virus, and personal firewall. Of course, enforcing that is difficult.

Friday night I was walking by a local bank and noticed that the lights were still on. I had to chuckle when I looked inside and noticed IT guys hunched over PCs at the tellers' stations. I'm pretty sure I know what they were doing. And yes, IT guys are easy to recognize. You know who you are. :-)

Today I went to my favorite local coffee shop. The public Internet access PC was turned off with a sign that said, "Not in service due to virus. Bye, bye Miss American Pie." Ah, the day the music died.

This blaster thing is yet another wake-up call. The big one is still coming. We are lucky that so far it's been benign tricksters attacking our networks. Sorry for the dire warning, but I truly predict a huge failure at some point. Argh....

>
> Luckily - this was/is a very sloppy worm:
>     Noisy enough to easily trace down
>     Poor propagation method
>     Limited vectors of attack
>     No destructive payload
> (don't get me wrong - having a backdoor is bad, but let's say it wiped data
> from hard drives 8 hours after infecting them, or performed some other
> non-random act of data destruction)
> ... and, to top it all off, its attempted DoS was to the wrong URL and
> was easily sidestepped, although some people caused local RST floods on
> their network by attempting to mitigate it incorrectly :)

It's not just Microsoft that has software bugs! Getting the wrong URL was an amazingly stupid bug, but benign. A lot of the infamous worms of the past spread unintentionally like wildfire because of software bugs. Why is software so hard to get right? Well, I know why. But this has gotta change....

Priscilla

>
> Thanks!
> TJ
> ... not all windows admins are incompetent
> ... and some are network admins as well :)
>
> -----Original Message-----
> From: Reimer, Fred [mailto:[EMAIL PROTECTED]
> Sent: Saturday, August 16, 2003 4:23 PM
> To: [EMAIL PROTECTED]
> Subject: RE: OT Microsoft worm [7:74045]
>
> For reasons of confidentiality I won't and can't name any names, but I am
> aware of several hospitals that were affected pretty seriously. Everyone
> here knows that Cisco Call Manager runs on Windows, so imagine what happens
> to your entire phone infrastructure if you are running VoIP. Network grinds
> to a halt and admitting can't access the applications to admit people in the
> ER. Lab orders don't go through, so meds can't be dispersed based on the
> results of tests. Everything goes back to a paper fall-back scheme until
> the Windows administrators patch the systems like they should have done
> weeks ago.
>
> So no, don't assume that even large organizations have a handle on things.
> Especially hospitals which are notoriously on the low end as far as
> adequately staffing, at the right levels, their IT staff.
>
> One thing I sincerely hope is changed in our lexicon is calling Windows
> administrators "network administrators." It makes me physically ill,
> because those folks don't "administer" the "network," if anything they
> actually do can be classified as competent administration. They should be
> called what they are "systems administrators," or, if you want to be more
> specific, "Windows administrators." I personally think they deserve a
> classification of their own.
>
> All I can say is that the Windows systems that our group has to use and is
> responsible for were patched long ago, and did not exhibit any issues.
>
> Fred Reimer - CCNA
>
> Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
> Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050
>
> -----Original Message-----
> From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]
> Sent: Saturday, August 16, 2003 1:22 PM
> To: [EMAIL PROTECTED]
> Subject: OT Microsoft worm [7:74045]
>
> Just wondering, is this new LOVSAN msblast worm as big as it seems to be?
> I've been helping lots of Windows users clean up their machines. They all
> had the worm. These are mostly home users. I can't believe they would use
> broadband, "always-on" access and not have a firewall, but they didn't!
>
> What are you all seeing? Is this a big one? I suppose enterprise networks
> are much better protected (hopefully) than the home networks I've been
> helping out with.
>
> One has to wonder if the huge power outage could be related. I can imagine a
> Windows computer somewhere in Ohio that played a surprisingly important role
> in keeping the grid working and had been infected..... But I read a lot of
> science fiction. :-)
>
> By the way, the stupid worm is attacking the wrong Microsoft URL! So that
> aspect of it isn't going to be as bad as once thought.
>
> Comments?
>
> Priscilla
> **Please support GroupStudy by purchasing from the GroupStudy Store:
> http://shop.groupstudy.com
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74119&t=74045