From: InfoSec News (isnC4I.ORG)
Date: Thu May 04 2000 - 17:57:00 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[Forwarded by: Darren Reed <darrenrreed.wattle.id.au>]

[Moderators note: I think this is the last one we'll take on this subject]

In some email I received from Jamie McCarthy, sie wrote:
[...]
> Are you guys still arguing about "Piranha," an obscure utility for
> Red Hat whose default password a few newbie sysadmins might not have
> changed?

The problem isn't so much that it happened, but why/how. Many would have
expected better...but it is quite likely that this threat, like the source
of many other security "problems" (as opposed to bugs) is what customers
at some stage have asked for and now expect, so taking it "out" isn't that
easy.

> Meanwhile, another Melissa-style virus is rampaging through Asia,
> Europe and America, crashing SMTP servers, flooding T1 lines,
> apparently taking down an ISP referenced in its source code
> (skyinet.net), and causing panic in investment banks and other
> professional corporations worldwide:
[...]

Too bad this email virus wasn't ready on January the 1st, then people
would have had the "doomsday" they were all expecting. Even then, it only
becomes active when people read it, so roll forward to when ppl started
work in January.

[...]
> Are you really still arguing that "quality control" is weak on Linux,
> even while thousands of sysadmins are beating their heads against the
> wall because of Microsoft's infantile and inadequate email security?
> (Who decided that executing scripts from email would be a good idea?)

Who knows ? But that's what we got when MIME came into being. Many Unix
mail agents run shell scripts to handle MIME and there have been a few
security issues there as well. Difference is that Unix mail readers don't
make up a majority of mail clients used by people around the world.

If you want real doomsaying, picture this - a Y2K version of the Morris
worm, exploiting the latest buffer overflows to propogate and install
DoS agents everywhere it goes and then at some predetermined time, start
flooding the 'net with random packets. It the post mortem analysis, the
source hosts would all be poorly secured Unix boxes (Linux/Solaris, etc)
and copies of a modified version of mstream to blame. What scares me is
that it's hard to know the real potential for that to turn into reality,
with perhaps our saving grace being that the people who could/would make
such a tool have to use the same 'net as us and therefore don't want to
do too much damage (or have too much fun). Back in the mid to early 90s,
as the 'net turned into a receiver pays for bandwidth system (and still
is to some extent), some of us theorised about these sort of attacks. I
am not sure I want to be around the 'net in another 5 years if there are
no real advances made with deploying and using RSVP for normal traffic.

> Are we _still_ pointing the finger at "Piranha" while the net
> collapses in flames around us?

Err, don't you mean the 'net is clogged with email rather than porn ?

;)

Darren

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERVSecurityFocus.com with a message body of
"SIGNOFF ISN".

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]