Message-ID: <1044038223.21025.696.camel@utd49554.utdallas.edu>
From: pauls at utdallas.edu (Paul Schmehl)
Subject: The worm author finally revealed!

On Fri, 2003-01-31 at 10:44, Ron DuFresne wrote:
>
> As mentioned in another list, all this trouble M$ folks have with
> patching, and indeed it seems a crazy mess in the windows world, whence
> various badly compiled patches will back you out of fixes from the previous
> patch, as well as the issues of what third party software might do the
> same as well as make you open to a potential vuln you weren't subject to
> prior, sheesh the list goes on, we need to pity these poor windows
> admins.  Russ Cooper had a few posts in ntbugtraq outlining the complexity
> with just the windows base OS upgrades, let alone 3rd party stuff...

Here's a good example.  We recently purchased HEAT (a Help Desk - call
tracking product) and installed it on a Windows 2000 Server running SQL
(required for HEAT.)  During the Slammer mess, the box went down, and it
hasn't been back up since.  We *thought* it was due to Slammer, but
further investigation revealed that one of our admins had patched the
box on Friday - before Slammer hit us - and the *patch* is what took the
server down.  (The Windows OS is still working, but HEAT is not.)

Backing the patches out didn't do a thing, so now we have to return all
the way to SP2, reinstall HEAT and then patch back to the level right
*before* the one that took it down.  You can just imagine how thrilled
the admins are to have to do that - and the next time they have to patch
that box, they'll be real leery about doing it.  And these are admins
who are *very* conscientious about patching and *very* aware of security
issues.

Multiply this times 500,000 similar situations worldwide and you have a
rudimentary grasp of the problem.

-- 
Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member

