I remember that journalist's name:
That's a blast from the past regarding accuracy in tech journalism:
http://www.usatoday.com/money/industries/technology/2004-11-29-honeypot_x.htm
In that story that was written up they failed to mention that in their
study that they took a SBS box, one nic, netbios ports obviously
exposed, and set up the system with the password of password (which if
you followed the "wizardized" setup to that SBS box, not only does it
warn you not to set up a box without a hardware firewall if you have one
nic, but it prompts you twice during the setup to select a proper
password and if you've selected a rotten one, it warns you about that
too), thus to get the box in that condition, you'd have to really NOT
READ. Granted in the tech industry there is a reputation of not
reading, but a normal person would have to be really blind not to miss
all the times a typical SBS box wants to make sure you aren't as stupid
as they set this box up.
Is any of that in that article? Uh no...it's not. And I'm actually
surprised that the SBS box with one nic, netbios exposed and an
Administrator account of "password" stood up as long as it did. That's
like standing in the middle of the diamond lane on the 405 freeway at
7:30 a.m. Monday morning and getting surprised that a car drove over you.
I'll see if I can find his email address in my archives because I found
his email address searching on the web and pinged him.
My memory is a bit rusty...I could be wrong, but I don't remember
hundreds of thousands being bantered around back then as the infection
number either. In fact I'm not sure I remember "infections" being
bantered about .. I remember infected web site numbers being debated though.
Symantec Security Response - Bloodhound.Exploit.56:
http://www.symantec.com/avcenter/venc/data/bloodhound.exploit.56.html
Exploit-WMF:
http://vil.mcafeesecurity.com/vil/content/v_137760.htm
US-CERT Vulnerability Note VU#181038:
http://www.kb.cert.org/vuls/id/181038
There seemed to be hundreds of thousands of security experts freaking us
out during the WMF issue.....that's more of what I remember....
Murad Talukdar wrote:
Valid points being made by everyone here--and I'm glad that this list is
finally seeing some action to rival the basics list!
Just going back to one of my original issues: Can anyone verify statements
like this from USA Today?
"In December, cybercrooks moved quickly to exploit a similar Internet
Explorer flaw, hijacking hundreds of thousands of PCs before Microsoft made
a patch available. The emergence of zero-day threats has raised complex
dilemmas for the world's largest software maker."
Hundreds of thousands?
Link here
http://www.usatoday.com/tech/news/computersecurity/2006-03-30-microsoft-security_x.htm
Where are these numbers coming from? I would like some sources quoted here I
guess. I'm sure that honeynets etc give some estimates of what's going on
and how many sites etc are out there exploiting these flaws. Microsoft has a
scheme running too, doesn't it? Honeymonkey?
I'm trying to get an email address for the reporter, Byron Acohido.
Regards
Murad Talukdar
--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com
---------------------------------------------------------------------------