Message-ID: <Pine.LNX.4.44.0308130122180.22473-100000@rumpshaker.irides.com>
From: gordon.ewasiuk at verizon.net (Gordon Ewasiuk)
Subject: ISS Security Brief: "MS Blast" MSRPC DCOM Worm
Propagation (fwd)
On Wed, 13 Aug 2003, Dennis Heaton wrote:
> Date: Wed, 13 Aug 2003 00:25:43 -0400
> From: Dennis Heaton <dennish@...cast.net>
> To: full-disclosure@...ts.netsys.com
> Subject: RE: [Full-Disclosure] ISS Security Brief: "MS Blast" MSRPC DCOM
> Worm Propagation (fwd)
>
> On the car radio today I heard that the Maryland Dept. of Motor Vehicles was
> shut down completely as well as numerous other state and federal agencies in
> the USA.
>
> What is really scary is that many companies or agencies will not report
> their problems...the IT department does not want to look stupid. So we may
> never really know the extent of this worm!
Just to pile on...

http://www.eweek.com/article2/0,3959,1200038,00.asp

"The federal government last week awarded a $90 million contract to
Microsoft Corp. to provide the Department of Homeland Security with
desktop and server software."

Tax dollars at work...

"The move could send a signal to enterprises and other software vendors
that the government is happy with Microsoft's progress in improving the
security of its software. As part of the National Strategy to Secure
Cyberspace, which the Bush administration unveiled last year, officials in
all agencies of the federal government are supposed to be using their
purchasing power to pressure vendors into producing more secure software."

I'm not making this up...

"The message is meant to be: Make better software, or we'll take our
business elsewhere. Microsoft, of Redmond, Wash., has apparently received
that message. It has begun a companywide initiative to upgrade the
security of its software and has put its Windows 2000 operating system
through the government's stringent Common Criteria certification process."

Yes, that says "make better software or we'll take our business
elsewhere".

"The agreement covers approximately 140,000 desktops, which will include
standard configuration, Windows XP, Microsoft Office Professional and Core
Client Access licenses. According to the department, it will provide for a
more standard computing environment and reduce deployment, implementation
and maintenance costs."

140,000 possible victims. This was right around the time the DCOM patch
was published by M$. Interesting...

BTW, the press release announcing the M$ contract mysteriously went
missing on dhs.gov. Perhaps it was never there...don't know. Yet, the
site has press releases announcing various grants and awards:

http://www.dhs.gov/dhspublic/display?content=1090