From: Harvey Newstrom (mail@HarveyNewstrom.com)
Date: Sun May 26 2002 - 19:37:25 MDT
On Sunday, May 26, 2002, at 08:36 pm, Robert J. Bradbury wrote:
>
> On Sat, 25 May 2002, Hal Finney wrote:
>
>> Eugen forwards:
>>> http://www.icir.org/vern/papers/cdc-usenix-sec02/index.html
>>
>> This is a frightening paper which shows the magnitude of the threat
>> to the net caused by the continual evolution of worm software.
>
> That is a mild understatement.
>
> The paper is a must-read for anyone developing software who doesn't
> normally worry about security.

This is old news for people in the security community. The paper is
based on data from a year ago. Security people have already been trying
to get IT managers to consider this new class of threat. And they have
already failed.

The IIS vulnerability, e-mail executions, webpage exploits, Nimda and
Code-Red examples discussed in this paper are all Microsoft-specific.
Microsoft has already launched a campaign to claim that they have
revamped security and are now the premier security platform. Managers
have already dismissed these threats as being solved by Microsoft.

Of course, security professionals know that they are not. While
security professionals applaud this new analysis of the threat, I doubt
most IT managers would read such a technical paper.

--
Harvey Newstrom, CISSP <www.HarveyNewstrom.com>
Principal Security Consultant <www.Newstaff.com>

This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 09:14:24 MST