From: Nicholas Weaver (nweaverCS.berkeley.edu)
Date: Thu Jul 01 2004 - 11:46:50 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jun 30, 2004 at 01:43:11PM -0400, Jeremy Epstein composed:
> A slightly less draconian configuration might have a filtering router that
> only allows users to visit particular sites; in that case also, the IE
> problems would be of no concern (since the redirect to the Russian and
> Estonian sites could be prevented).

This would not be the case, as the trojaned sites could easily present
the malware directly, rather than contacting a third party site. That
it didn't is simply a sign that the attacker was less clever and
creative than he could have been. Thus all sites which can be
contacted need to be "trusted".

> The latest set of attacks demonstrate some pretty bad problems, and
> Microsoft deserves a lot of criticism. But let's not go overboard.

A better criticism is that, yeah, QA is important, but this is a known
critical exploit for over a WEEK now and there is no patch in sight.

That the crisis hasn't bloomed further with the simple hack:

Make the malcode modify any .html it can find, and include itself on
that site for download, combined with the continual attacks on IIS
sites, banner servers, etc...

is a mystery to me.

--
Nicholas C. Weaver nweavercs.berkeley.edu

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]