- Patches and attacks
- Posted by Nick on October 6th, 2005
Blaster, yaha, bugbear, code red, SQL slammer etc., happened after the
patches were released ... Did the patches help the attackers or are there
more day zero attacks?
--
- Posted by Notan on October 6th, 2005
Nick wrote:
Is your question in reference to anything, or just a flight of ideas?
Notan
- Posted by David H. Lipman on October 6th, 2005
From: "Nick" <psstcenter@shaw.ca>
| Blaster, yaha, bugbear, code red, SQL slammer etc., happened after the
| patches were released ... Did the patches help the attackers or are there
| more day zero attacks?
|
| --
|
Your facts are incorrect. The patches were released, in some cases like the RPC/RPCSS DCOM
vulnerability and the Lovsan/Blaster outbreak, after the worms were disseminated.
In some cases yes. However, that doesn't mean that everyone installed the patches. I just
recently ran across a post from someone who was affected by an RPC/RPCSS DCOM exploit in a
Microsoft Windows XP General News Group.
Patches mitigate exploits. They don't assist exploitation code.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
- Posted by teh Mephisto on October 6th, 2005
Nick wrote:
Actually most of the time the patches do help the attackers, unless it's a
zero-day vulnerability of course, because the creators of the worms, etc.
reverse engineer the patches to figure out what they fix. They then
write the code. This only works because people are too lazy to patch.
If people patched within the first couple of days then it wouldn't be a
problem.
I don't understand why big corporations can't just set aside once a
month, ex. 3am the night of black tuesday, to update all their
vulnerable products, that way there is minimal downtime and they aren't
at risk of attacks.
--
Meph
- Posted by David H. Lipman on October 6th, 2005
From: "teh Mephisto" <dont.worry@bout.it>
| Actually most of the time the patches do help the attackers, unless it's a
| zero-day vulnerability of course, because the creators of the worms, etc.
| reverse engineer the patches to figure out what they fix. They then
| write the code. This only works because people are too lazy to patch.
| If people patched within the first couple of days then it wouldn't be a
| problem.
|
| I don't understand why big corporations can't just set aside once a
| month, ex. 3am the night of black tuesday, to update all their
| vulnerable products, that way there is minimal downtime and they aren't
| at risk of attacks.
|
| --
| Meph
I don't think so!
Nobody needs to reverse engineer patches. Once exploit code is created, it is shared
amongst the hackers/VX'ers. The objective is to write an exploit while there is no known
fix such that the exploitation will have the maximum effect for their given payload.
--
Dave
- Posted by teh Mephisto on October 7th, 2005
David H. Lipman wrote:
With some exploits, they do. The Sober Virus wasn't released until
after they reverse engineered the patch to make the exploit code. Then
the exploit code was spread about but before that there was no previous
exploit code.
--
Meph
- Posted by Imhotep on October 7th, 2005
teh Mephisto wrote:
Honestly, it is because most big IT shops are out of control with the
complexity of their systems. The last ten years software companies have had
a small scam going. They hook you in and often make it impossible to work
with other vendors. Now, software, while becoming more complex, has
also become lower in quality.
Now, the end result, patches can make or break you and most of the time it
is breaking you.
Im
- Posted by Imhotep on October 7th, 2005
Juergen Nieveler wrote:
Hummmm too lazy? You obviously work in a small shop. In big complex IT shops
you need to test the patch within your network BEFORE installation.
Especially when you are using Windows....
Im
- Posted by Imhotep on October 7th, 2005
David H. Lipman wrote:
Well, yes and no. Yes, not only do patches mitigate exploits, but
hackers have also been known to backwards engineer viruses and worms from them
too....
- Posted by Hairy One Kenobi on October 7th, 2005
"Imhotep" <Imhotep@nospam.net> wrote in message
news:P9OdncMdkvXhedjeRVn-iw@adelphia.com...
<snip>
Cite?
Thought not... ;o)
I suspect a half-edit there (done it myself, enough times).. are you
/really/ suggesting that software over the last 10 years is more proprietary
than before?!?
Hmm.
--
Hairy One Kenobi
Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!
- Posted by David H. Lipman on October 7th, 2005
From: "Juergen Nieveler" <juergen.nieveler.nospam@arcor.de>
| Back in the days of Code Red, the majority of sites being hit were small
| shops and home users who sometimes didn't even remember they had
| installed IIS.
|
| The big complex IT shops mostly were unharmed - mainly because they
| didn't use IIS, of course, back then Apache was really the only choice
| for large scale webservers ;-)
|
| Juergen Nieveler
| --
| "With the first link, a chain is forged. The first speech censured, the
| first thought forbidden, the first freedom denied - chains us all
| irrevocably." * Captain Jean-Luc Picard, Star Trek: TNG, "The Drumhead"
Yepper -- I remember the outbreak.
--
Dave
- Posted by Imhotep on October 8th, 2005
Hairy One Kenobi wrote:
Are you asking for a cite that is referencing my experiences???
Just ask anyone who has worked at a big IT shop for their thoughts... ;o)
No. I am saying that the complexity of software has become more complex and
*still* very difficult to construct a cross platform
solution....intentionally.
Im
- Posted by Hairy One Kenobi on October 8th, 2005
"Imhotep" <Imhotep@nospam.net> wrote in message
news:Ts6dnW66u-8OmtreRVn-hg@adelphia.com...
Yes.
Know hundreds. Literally. I daresay most would wet themselves if you tried
to justify how a mix of (just to take a single aspect) DECnet, SNA, IPX,
Token Ring and Ethernet were somehow easier to manage than today's world,
where everything has a 10-1000Mbps Ethernet port and runs over TCP/IP. And
that this was a scam to make systems /less/ interoperable.
Google for "Java". (Yes, and I know all about .NET; but also about some
outstanding Java fixes owed to us by Sun from 1997. And TCL as a supported
platform. So I can sort of sympathise)
While it isn't exactly /easy/ to integrate older systems (i.e. legacy
systems that are [hint, hint] more than 10 years old), it can be done. Hell,
that's part of what I've been doing since joining my current company in
early 1999.
If you've ever had to actually do it (and I have), then it's very clear
where the trend has been going. XML/SOAP may be fiddly to program (something
else we've been doing, but only since 2001), but beats writing your own
integration platform from scratch ;o)
So, here's a bit of homework for you - explain, in 200 words or less, why it
is much harder to share information from a Windows box with XML/SOAP stub
services, HTTP and NFS than, say, a Novell machine that only understands IPX
and has no integration services. Your target platform is a Linux box in a
TCP/IP-only DMZ. The choice of platforms is deliberate
)
To give yourself a glimpse of what you're up against, Google for "Tomcat".
H1K
- Posted by Winged on October 13th, 2005
Imhotep wrote:
Winged
- Posted by Steve Welsh on October 13th, 2005
Indeed! I work in a large (dunno how many but probably in 4 figures)
environment, and Windoze 2003 is doing our heads in. It's a multi-domain
setup, and machines are leaving and reconnecting to the domains for no
reason that we can find - out of control!!
Steve
Winged wrote:
- Posted by Nick on October 13th, 2005
"Steve Welsh" <nobody@linux.bogus> wrote in message
news:tJmdndZqg4PxO9DeRVnyhA@eclipse.net.uk...
Thanks all for answering my question.
From what I understood, releasing patches is a good thing in theory, but a
bad thing in practice.
There will be fewer attacks if there are fewer released patches, right?
Nick
- Posted by Winged on October 13th, 2005
Nick wrote:
they add new features till it breaks.
Winged
- Posted by Hairy One Kenobi on October 13th, 2005
"Nick" <psstcenter@shaw.ca> wrote in message
news:Y9i3f.160927$oW2.123142@pd7tw1no...
<snip>
... in some respects; they'd be limited to the unpatched and often well-known
security holes.
You can't really win: "there's always one more bug". And, judging by
Microsoft's plethora of patches yesterday, a lot of it is down to the fact
that certain idiots still refuse to either use common code or pay attention
to buffer limits. Basic stuff. Dumb mistakes.
--
Hairy One Kenobi