Andrew J Homan <[EMAIL PROTECTED]> wrote: > It seems that between the time dcom.c first starting popping up around the > internet and today, there was ample time for someone to write and release a > worm designed to patch infected systems and remove any sign of itself. > Given that on the 16th of this month windowsupdate.com will be DDOSed, does > anyone else see this as an opportunity for a war of worms with > windowsupdate.com at stake? ...
Please can we not have this debate again? The believers on both sides are almost as trenchantly set in their beliefs as the pro and con full-disclosure camps and equally unlikely to move. If you really want to know people's views on this issue, please search the web for "good worms" and the like. > ... Would anyone consider releasing a patching > worm on their own network if they knew it wouldn't spread to the rest of > the internet or is there a downside to this notion which I'm not realizing? Why would anyone do that? Given they had the authority to make such patches, why were they not running one of the many freely available vulnerability scanners that search for just this vulnerability during the last few weeks and taking appropriate action based on the results? If they do not have the appropriate authority to do that they would not have the appropriate authority to run such a "worm". Yes -- it may save a few lazy, and a few grossly under-resourced, admins arses, but perhaps the kick in the pants their _organization_ will feel for failing to have taken suitable preparatory measures (which go far beyond simply having applied the MS03-026 patch sufficiently in advance of this worm's release!) will finally be what it takes for some of those organizations to finally wake up and smell the coffee??? Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html