Full Disclosure mailing list archives
Re: Re: [FD] Super Worm
From: "Gregory A. Gilliss" <ggilliss () netpublishing com>
Date: Mon, 19 Apr 2004 21:46:41 -0700
Seriously-nudging-up-to-off-topic-but... You make a good (albeit incomplete) point. You left out that BITD ('88) security was NOT a line item, since the 'net was, effectively, a finite and restricted community. Not every damned idiot had a dial-up, and almost no one had their own private broadband. The many universities and private sector companies that were connected served as gateways for thousands, not tens of millions, of users. The users, in turn, consisted of (mostly) people who would not tamper with the systems because they feared (a) disrupting the community, (b) serious reprisals from their company/university/sponsor, and (c) they were too busy doing "real" work to have excess time left over to play "I-wonder-what-happens-if-I-try-this" crap. I can remember people (and likely you can as well if you remember Morris) who would "find" a hole and tell a few people in terms of "don't-do-this-it-might-get-you-kicked-off". Shit, back in '88 people still were playing music on the line printer :-o

Fast forward fifteen years (wow). Everybody from Morris (who reputedly pled out, served probation and was quietly ensconced in NSA along with his dad) on down to some 85 year old AOL subscriber is online. Worse, important (read "money") data is being stored on the publicly accessible 'net (remember universities NEVER kept important data like payroll and grades online >-). And let's not forget the monoculture was not just sendmail... as I recall, there were PDPs, IBMs, Cybers (IBM clones), CDC, VAXen, and not much else available in '88 (yes, I'm discounting PCs because they were as often as not used as front end VT100/3270s for the big iron when they weren't running Lotus or Solitaire - how things change indeed). Today's monoculture (and where *is* Dan Geer anyway) of Microsoft OS's is being, has been and continues to be exploited.
The serious increase in threat postings to this list in the past week indicates that the Winter was well spent and that people who have not already done their Spring cleaning better stay late this week to make sure that they're not vulnerable. BTW, anybody who wants to *really* f**k the system these days better go read up on SNA, because more banks and insurance companies and hospitals than I know are ditching the "rack-o-Dells" and the requisite expenses (people, collocation, blah blah blah) in favor of CICS/DB2 through a 3270 emulator. Stupid part is that they're transmitting that traffic across the 'net - sometimes via VPN, often not. Forget Ethernet, start scanning for LU6.2 if you want to be truly 31337.

G

On or about 2004.04.19 17:48:31 +0000, Andrew J Caines (A.J.Caines () halplant com) said:
> But the monoculture of sendmail was the aggravating factor which made its impact so significant - a large piece of complex software riddled with design flaws, bugs and beyond the ability of any individual to understand and control, used by most systems on the net. [I hold fingerd and rshd innocent on the grounds that they worked as intended, but were abused.]
>
> How times don't change. Well, actually they do. There was only one Morris scale worm, sendmail was improved in important ways (albeit slowly), superior software was adopted in significant numbers by informed netizens and those responsible for the poorer quality software took more responsibility in using it properly. What's more, we had the excuse of naivety and immaturity of software design back then.
>
> I wonder how long before the current monoculture threat to the net is addressed as effectively.
-- 
Gregory A. Gilliss, CISSP
E-mail: greg () gilliss com
Computer Security WWW: http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html