[ale] MS trying to blind side Linux via tcp/ip?

Thu Aug 16 13:29:10 EDT 2001

> 
> As a technologist, what I see in Code Red is an illustration of a
> practical limit to how many identical systems can be somehow
> interconnected.  

Code Red comes from a simple kiddie hacker.  What have caught us
off guard is the fact it exploits a security problem in the Index 
Server, not IIS.  It also makes some very simple assumption about
the filesystem structure, like \InetPub is in C driver.  It is 
also an illustration of a failure of the MS user-interface model, 
where ease-of-use becomes a huge liability.

Code Red will go away soon.  And hopefully, people learn a valuable 
lesson about Internet security.  How many of you have learned it
the hard way not to put a Red Hat server on-line before hardening
it?

One final note, I have one IIS server that was infected.  What has
saved me is the fact I put \InetPub at the "wrong" place.  It is
just amazing how stupid these kiddie hacker scripts are, but also
how painful it is for the damage they can cause. 

> Learn from biology.  Varying degrees of susceptibility to a given
> pathogen gives populations a means to protect itself.  Even the Black
> Death wound down after a while.  If we were all the same and if we all
> lived crammed together in too small an area, any contagious bug that
> would cout down one of us would very likely cut down ALL of 
> us.  That's
> kind of what we've done with the Internet - hook up millions of nearly
> identical entities to each other, effectively cramming them into the
> same closet.  Almost makes you wish there were fifty different Web
> servers in wide use instead of, what, four (Apache, IIS, iPlanet, and
> Zeus)?  

A few years ago, I was calculating how long the Internet and PC will
destroy our electrical power distribution system.  I think it shows
that 2002/2003 will cause a melt-down in the power grids if the 
exponential growth of Internet/telecommunication/PC office devices
is allowed.

Do I believe in it?  No!

It is still eery since I could have predicted the California problems
early this summer.  It is so easy to manipulate the numbers, expecially
those "exponential" ones, for one's own predictions.  

I just wonder if any of the so-called technological media personalities 
have claimed successes relating to it.

Bao
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.