Open Source and information security mailing list archives
 
Message-ID: <006401c360f0$4b658db0$0c351c41@basement>
From: mattmurphy at kc.rr.com (Matthew Murphy)
Subject: Windows Dcom Worm planned DDoS

"Nick FitzGerald" <nick@...us-l.demon.co.uk> writes:
> And, of course, if MS started messing with the DNS entries for
> windowsupdate.com, it would be cutting an awful lot of users off from
> much needed updates, which could be as disturbing as the rest of the
> worm's effects...

Well, this could potentially be the case.  However, the actual domain used
by the WU server is "windowsupdate.microsoft.com".  At this point,
"windowsupdate.com" is just a redirect for sloppy admins/users.  The WU
binaries distributed with systems (i.e., Automatic Updating on Windows XP),
and the internal Microsoft documentation all point users to
"windowsupdate.microsoft.com", so disabling the DNS of "windowsupdate.com"
would not prevent updating if the user has the proper reference material at
hand.

That said, even if Microsoft *did* mess with the DNS, that would result in a
flurry of port 53 traffic to perform the resolutions.  Also, you still have
a potential for a slight negative effect on patch distribution, and patch
distribution is a *needed* channel.  Of course, if WU gets taken down by the
floods, we're back at square one, as WU remains the primary distribution
mechanism for patches to home users.

