Open Source and information security mailing list archives
 
Date: Wed Aug 17 20:18:42 2005
From: jasonc at science.org (Jason Coombs)
Subject: Disney Down?

American Express has been unable to provide me with customer service by telephone since the outbreak began.

Larry, you of all people can't possibly believe that the scope of this incident is limited to what you read in the news.

Furthermore, do you truly believe that the worms are the point here?

The worms cause a distraction, and the media plus the antivirus industry collaborate to make victims believe that they can recover from the incident just by shutting down the worm.

What about attacks that took place with the worms as cover? How many high-value systems just got compromised, and will remain so, by something other than the worms' code -- where the victim won't even bother to investigate that possibility because they feel like the worm was the incident?

Regards,

Jason Coombs
jasonc@...ence.org

-----Original Message-----
From: "Larry Seltzer" <larry@...ryseltzer.com>
Date: Wed, 17 Aug 2005 08:20:17 
To: "'Micheal Espinola Jr'" <michealespinola@...il.com>, <full-disclosure@...ts.grok.org.uk>
Subject: RE: [Full-disclosure] Disney Down?

>>"So patch your systems, but don't miss your kid's play in order to do it.
We've seen a lot worse than this in the past."
>>Brilliant advise[sic]!

Yeah, clearly I timed the column badly, but I still think there's more smoke
than fire on this outbreak. If it had been International Paper or some
company like that rather than media outlets I suspect it wouldn't be getting
all this attention. I also think it's fair to say that when it dies down,
relatively soon, it won't achieve the endemic status of Blaster and Sasser
because it will have little or no presence on consumer systems.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
Contributing Editor, PC Magazine
larryseltzer@...fdavis.com 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
