> Well, let's hope we can watch the Super Bowl in peace -- I'm
> turning my pager & cell phone off anyways. :-)

I'm going for Steelers. You? I've got a couple of fresh Maine Lobsters and Union Oyster House chowdah to put up if you're interested in a wager.

[ Removed my name from the subject. I like it in lights, but I've had enough for today! :-) ]

> In any event, as Alex Eckelberry writes over on the Sunbelt
> Software blog, "...we're now seeing infestations for the
> Blackworm worm (aka KamaSutra) getting close to 2 million.
>
> "Yesterday it was at close to 700k.
>
> "Of course, it's possible that this URL has gotten out to
> the public, which would increase the count (simply hitting
> the website increments the count by one). However, to my
> knowledge, this URL is only known in the security community.

The URL is out all over the place.

> "Remember that this worm has a very destructive payload. Even
> if you discount the number here, you're still looking at a
> significant number of people who will suffer potentially
> devastating data loss."
>
> I couldn't agree more.

People without A/V? How sad can you feel? I don't want anyone to lose data, but I bet a bunch of people buy A/V as a result. That's good.

Check out this story where it was downplayed:

http://www.eweek.com/article2/0,1895,1915070,00.asp

>
> http://isc.sans.org/blackworm
>
> Further, our reports lead to a SANS ISC temporary URL's for each AS.

http://isc.sans.org/diary.php?storyid=1073 - but really, do you consider this to be a huge issue that we should prepare to be on call over?

SANS, http://isc.sans.org/infocon.php and Symantec, http://www.symantec.com/index.htm , are both at their normal threat levels.

The point I was trying to make before the thread went, East?, was that there is a perceived problem in the security community with appropriate response. I'd tell you how I think that could have been avoided, but then my name would go up in the subject again. *cough full disclosure*

Off the top of my head I think the security trust landscape today looks like this. I base this on participation, people I know participating, comments I hear at the NANOG water bubbler, etc. and they are nothing but personal opinions.

SANS - Trusted, good reputation growing
NSP-SEC - neutral since it's a collective of people+groups
skitter15 - untrusted, but trusted when info leaks. (too long to explain)
PSIRT - trusted, borderline.
US-CERT - trusted for NA matters, w/other certs
UK-CERT - trusted for EU matters, w/other certs
IL-CERT - no comment
DA - untrusted
TISF - untrusted, new, etc.
CERTs at large - Neutral, has to be case by case
Carrier Security Groups - Trusted for matters of their own
MSS - Neutral
AV - Trusted
Software Vendors - Neutral
Hardware Vendors - Untrusted, case by case
Force 10 - Trusted
Juniper - Trusted
Cisco - Neutral, case by case
Team-Cymru - Trusted case by case
SecuriTeam - Untrusted, untested

This isn't a popularity contest, so I'll leave individuals off of my list, but you can probably guess who in most cases including using some of the notes above.

-M<