On Thu, 2 Aug 2001, Saliya Wimalaratne wrote:
> News on the J's this morning mentioned Code Red; no MS or IIS.
> News on commercial TV night-before-last and last night mentioned Code Red,
> no MS or IIS.
The press seem to have also been unusually reticent when it comes to
allocating blame. I mean, we simply haven't had worms of this magnitude
propagate through anything but a Microsoft system. Yet I haven't read of
anyone being pissed off at MS because of it.
The FBI is out there issuing joint statements with MS. Hello?
MS: We wrote some software which we spoon fed to as many vendors as
possible using our massive market leverage. We don't allow anyone to vet
our source code, but we encouraged a lot of people to put their trust in
us anyway. Our software routinely falls victims to this current type of
exploit. This one is particularly cunning, and in fact it may be attacking
your servers now, FBI. It also apparently attacks the white house - I hear
they went to the trouble of moving their IP address, but that won't stop
the massive internet congestion that results from the worm. A lot of money
will probably be lost through bandwidth reductions and link downtime. We
released a patch, but the 'plug-and-play' facilities on which we sell our
software have attracted a lot of users who aren't likely to frequently
monitor zero day patches for security holes and take appopriate action.
This all okay with you, and the general public?
FBI: Yes.
General Public: Huh? Hackers are attacking the whitehouse!! Cletus, get my
rifle!
Come on! Accountability for software screw-ups is nigh! Bring on the
lawsuit and the lethal injection.
-- Luke Burton | <- You must be smarter than this stick to ride the Internet
This archive was generated by hypermail 2.1.1 : Fri Aug 31 2001 - 03:10:02 EST