Re: BLaster/Lovesan has a sibling now.
 

<font size="2" face="Verdana, Helvetica, sans-serif">Sorry, I disagree with this totally. In what other type of crime are the criminals treated as stars and heros and and the victims critisized for not properly protecting themselves? I don't blame you for feeling that way since you work in the IT business. But until we treat this as a crime and not just another factor of business it's not going to get any better.

Geoschmo

Re: BLaster/Lovesan has a sibling now.
 

True but the real problem is people need to take security serious. This exploit has been out for almost a month.

Re: BLaster/Lovesan has a sibling now.
 

One of the problems is the slashing of IT staff by businesses and government. Here, we are so short of staff that there is no way we can check our outlying offices more than once every other month, and then one network tech might have to hit three offices in three counties that day. Then on top of the network related duties, we have to do pc repairs also, that position was cut. Some of our offices are three hours away, so the better part of the day is spent traveling.

Re: BLaster/Lovesan has a sibling now.
 

I don't consider hackers heros, but just because there are police to stop criminals that doesn't mean that you don't lock your house when you leave.

It's fairly simple, the patch has been out for almost a month, there is no excuse (including the company I work for) for anyone who is responsible for a production system not having them patched by this point.

Re: BLaster/Lovesan has a sibling now.
 

Richard, I don't mean to speak for you of course, but the typical protrayal of these guys is that they are basically harmless, bored, too smart for their own good, or even good intentioned if misguided in their methods. They are treated as heros within their own sub-culture, and some of them acchieve a sort of Jesse James cult standing among the general population who quietly view them as striking a blow against the evil tyranny of Microsoft, or big business in general. Often when they are caught they are given cushy jobs working for the security industry figuring out how to stop the punks that took over after they left. It's a bunch of crap. Instead they should be derided for what they are, malicous, destructive, deviant punks. And when caught they should be locked up for a serious amount of time and when let out not allowed to touch another computer for the rest of their lives.

I lock my door, but if I had to change the lock every week or every month to keep the punks form coming in my house I'd be pretty pissed off about it. I might decide to give up on the lock alltogether and sit inside the door with a gun instead.

Re: BLaster/Lovesan has a sibling now.
 

Yes the patch has been out for several weeks.
Questions:
Hasn't Microsoft issued patches in the past that made things worse or opened other doors? (Maybe I'm wrong here).

How much do you trust Microsoft who said they do not support a system not running Service Pack 3?

How careful should you be when updating hudreds of servers and 15,000 destops running who knows how many different programs?

Regrettably for my group we were tooo careful.

I don't want to be overly dramatic but I feel like a lot of people In General are
"Blaming the Victum"
Edit: changed "here" to "In General"

[ August 15, 2003, 13:55: Message edited by: Gryphin ]

Re: BLaster/Lovesan has a sibling now.
 

What is occurring here is a form of terrorism. Sure its probably bored kids, but they are putting people’s lives at risk. At my work the patch was installed on the test network the first week it came out, then on the servers shortly there after. Desktops were ignored, a) because we don’t have the bodies to address them, b) because Citrix shields them from the outside world. But when the DMV went down, the situation was reevaluated and we began to patch. So far, nothing has been found on any systems. There was a false alarm, but it was a bad power strip.

The main reason that these people can get away with this stuff is the current IP/TCP system we use. NAT makes it hard to trace events back to the source, but without NAT we would have to disconnect most of the world. Also, many of these attacks originate outside of the US, and are not subject to our laws. IPv6 will help the problem a lot, and implementation has been pushed up. The second thing that needs to happen is this: people need to be responsible for the systems they own. On my wan subnet there are about 60 systems, about 25 of them are infected and 4 of them constantly sniff data and test my firewall. If I catch it in my server logs, I know Comcast does. But Comcast refuses to take any action on the problem. People that unknowingly have infected systems need to be disconnected and referred to professional repair sources. People that knowingly hack and probe need to be prosecuted. The law allows for stiff penalties for gaining unauthorized entry into a protected network. But they do not do much to deter the attacks.

We need to develop a package of laws that address the illegal activity on the internet, and then apply minimum sentencing rules to those who break them. They should cover Sniffing, Unauthorized Access of all types, including the insertion of software (viruses and worms along with ad and spy ware) and the unlogged forwarding of email. Then we should remind the world that America gave them the internet and that we can also disconnect them. With that said we should ask them to sign a convention adopting the same rules. The states and nations that refuse (Nigeria, Iran, China come to mind) should then have there connectivity terminated. When I use my satellite, fully 1/3 of the background activity is probing by the Asian Pacific Network. Anyone care to guess who they are? They know about this on the hill, but I guess there is not enough money to be made from the law and order side of this problem.

This particular attack was aimed directly at MS, it looks for a folder that is only present on some MS systems and then goes to work. So the Authors had an axe to grind with MS. And they probably will brag about it sooner or later. I only hope that they are caught and severely punished. And if they are kids, I hope that the injured parties line up and sue their parent’s right out of their homes. If they did it at school, then the school should pay the damages, they are supposed to be supervising what happens on their systems. If the rumor about them hacking a backbone switch to insert the worm is true, then I hope the company that owns the switch has been in compliance as for as logging goes.

Re: BLaster/Lovesan has a sibling now.
 

<font size="2" face="Verdana, Helvetica, sans-serif">OTOH, Microsoft may just be the target of opportunity. Like the time someone asked the infamous bank robber Willie Sutton why he robbed banks - "Because that's where the money is." Why attack Microsoft? They're the OS on 90%+ of the world's computers. Who's going to write a worm to attack OS2/Warp nowadays? http://forum.shrapnelgames.com/images/icons/icon10.gif http://forum.shrapnelgames.com/images/icons/icon12.gif