From: gordon.ewasiuk at verizon.net (Gordon Ewasiuk)
Subject: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd)

On Wed, 13 Aug 2003, Dennis Heaton wrote:

> Date: Wed, 13 Aug 2003 00:25:43 -0400
> From: Dennis Heaton <dennish@...cast.net>
> To: full-disclosure@...ts.netsys.com
> Subject: RE: [Full-Disclosure] ISS Security Brief: "MS Blast" MSRPC DCOM
>     Worm Propagation (fwd)
> 
> On the car radio today I heard that the Maryland Dept. of Motor Vehicles was
> shut down completely as well as numerous other state and federal agencies in
> the USA.
> 
> What is really scary is that many companies or agencies will not report
> their problems...the IT department does not want to look stupid.  So we may
> never really know the extent of this worm!

Just to pile on...

http://www.eweek.com/article2/0,3959,1200038,00.asp

"The federal government last week awarded a $90 million contract to 
Microsoft Corp. to provide the Department of Homeland Security with 
desktop and server software."

Tax dollars at work...

"The move could send a signal to enterprises and other software vendors 
that the government is happy with Microsoft's progress in improving the 
security of its software. As part of the National Strategy to Secure 
Cyberspace, which the Bush administration unveiled last year, officials in 
all agencies of the federal government are supposed to be using their 
purchasing power to pressure vendors into producing more secure software."

I'm not making this up...

"The message is meant to be: Make better software, or we'll take our 
business elsewhere. Microsoft, of Redmond, Wash., has apparently received 
that message. It has begun a companywide initiative to upgrade the 
security of its software and has put its Windows 2000 operating system 
through the government's stringent Common Criteria certification process."

Yes, that says "make better software or we'll take our business 
elsewhere".

"The agreement covers approximately 140,000 desktops, which will include 
standard configuration, Windows XP, Microsoft Office Professional and Core 
Client Access licenses. According to the department, it will provide for a 
more standard computing environment and reduce deployment, implementation 
and maintenance costs."

140,000 possible victims.  This was right around the time the DCOM patch 
was published by M$.  Interesting...

BTW, the press release announcing the M$ contract mysteriously went 
missing on dhs.gov.  Perhaps it was never there...don't know.  Yet, the 
site has press releases announcing various grants and awards:

http://www.dhs.gov/dhspublic/display?content=1090
