Message-ID: <871080DEC5874D41B4E3AFC5C400611ECFCEC3@UTDEVS02.campus.ad.utdallas.edu>
From: pauls at utdallas.edu (Schmehl, Paul L)
Subject: The worm author finally revealed!

-----Original Message-----
From: yossarian [mailto:yossarian@...net.nl] 
Sent: Friday, January 31, 2003 6:35 PM
To: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] The worm author finally revealed!

>But since you asked: I have been a network manager - responsible 
>for infra for 5 countries, 61 offices, 10.500 corporate 
>computer systems, some 2000 from customers (Firewall farms, 
>SAN/NAS, co-location, etc) we had some 1000 programmers, 
>7000 IT consultants - total helpdesk size 69 people, some 450 
>calls per day. Somewhere else I rebuilt an aircraft manufacturer's 
>network - getting rid of Phase IV, PDP8's, replace international 
>private backbone. Earlier in life been responsible for all mail 
>systems (PC clients, PC servers, terminals, midrange, mainframe, 
>in 52.000 user network) at bank, total helpdesk size 337, average 
>calls per day some 1400 from 37 countries. Never did exciting 
>things, though. I hope I qualify.

Now I'm even more surprised that you haven't gotten my point.  Or are
you just trying to play devil's advocate?  My point is that the twits
that think every admin whose network got one instance of Slammer or who
wasn't already blocking 1434/UDP should be fired for incompetence simply
don't have any comprehension of how a large network works.  It's easy to
say "pull the plug" when you're not responsible for the boxes.  It's a
bit harder when you have competing constituencies demanding opposing
actions.

At UTD we *do* pull the plug.  But I would never be so arrogant as to
demand that someone else do, because I don't know their network.  There
can be a *ton* of reasons why something wasn't done (like patching or
blocking ports) *other than* incompetence.

To answer your questions specifically, yes we do test patches, no you
can't test every situation - sometimes shit just happens, of course we
called the vendor, of course we have backups, yes our admins are *very*
experienced (our senior Windows admin is a Certified Banyan Engineer,
among other things, if that tells you anything.)

My point is not that UTD is trying to make excuses (because we're not),
but that calling admins incompetent without even knowing their networks
is arrogant and insulting, and I really wish people would stop doing
that.

I really don't care what anyone calls me.  I don't need validation from
external sources.

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member
