Hoping Win '98 is immune, Joanna
>---------- Forwarded message ----------
>Date: Thu, 19 Jul 2001 17:35:53 -0700
>From: Phil Agre <pagre at alpha.oac.ucla.edu>
>To: Red Rock Eater News Service <rre at lists.gseis.ucla.edu>
>Subject: [RRE]"code red" worm
>
>The "Code Red" worm, currently exploding on the Internet courtesy of
>a hole in Microsoft's server software, is fascinating. I don't want
>to overhype it, but it's symptomatic of how fundamentally screwed-up
>Internet security is. Yes, I realize that Microsoft has issued a
>patch. But even if 95% of sites installed the patch, the remaining
>5% represent enough fire-power to organize a catastrophic DDOS attack.
>There are millions of sites out there, and scores of patches that they
>ought to be installing, and it's not surprising that vast numbers of
>sites, Microsoft and Sun and everything else, are full of known holes.
>I'm not saying a catastrophic attack is going to happen tomorrow, but
>day by day we're so close to the edge that it blows my mind. We have
>been rebuilding our whole civilization on top of a technology that
>is imploding before our eyes. The lights stay on only because none
>of the malicious hackers, or the 13-year-olds who use their scripts,
>feels like turning them off yet. What's wrong with us?
>
>Thanks to the Internet reader who gathered most of these URLs.
>
>
>"Code Red" Worm Set to Flood Internet
>http://news.cnet.com/news/0-1003-200-6617292.html
>
>This article opens as follows:
>
> An analysis of the fast-spreading "Code Red" computer worm reveals
> that infected computers are programmed to attack the White House Web
> site with a denial-of-service attack Thursday evening, potentially
> slowing parts of the Internet to a crawl.
>
> The worm has compromised more than 100,000 English-language servers
> running Microsoft's Web server software as of late Thursday. In
> addition, each of those infected computers are expected to flood the
> Whitehouse.gov address with data starting at 5 p.m. PDT, according
> to an analysis by network-protection company eEye Digital Security.
>
>That's right now. The White House Web site appears to be operational,
>however.
>
>This article is more skeptical about the potential for damage, though
>impressed by the numbers:
>
> More Up-to-date CRW news, including updated infection estimates
> http://www.newsfactor.com/perl/story/12154.html
>
>Here are more technical analyses:
>
>Original analysis of "Code Red" Worm from eEye
>http://www.securityfocus.com/templates/archive.pike?list=1&start=2001-07-15&mid=197828&end=2001-07-21&fromthread=0&threads=0&
>
>Updated analysis of CRW from eEye
>http://www.securityfocus.com/templates/archive.pike?list=1&start=2001-07-15&mid=198068&end=2001-07-21&fromthread=0&threads=0&
>
>SANS Incident diary for 18 July, with lots of statistics
> (content of the URL may change - as of 19 July 2350 GMT, was good)
>http://www.incidents.org/diary/diary.php
>
>Code Red Worm: Killed By Reboot
>http://www.newsfactor.com/perl/story/12116.html
>
>Various topics, including CRW:
>http://www.eeye.com/~apps/modules/Forum/threads.asp?cat=t%2E0430%2E225832%2E446478&filter=90
>
>
>An unrelated worm that is also spreading very fast right now
>http://www.wired.com/news/infostructure/0,1377,45397,00.html
>
>-----------------------------------------------------------------------
>The System Wide Emergency and Maintenance list will bring you only
>information critical to your account and your use of Lightlink.
>If you wish to be removed from this list contact homer at lightlink.com.
>-----------------------------------------------------------------------