From: ellisd@cs.ucsb.edu
To: iwar@yahoogroups.com
Date: Thu, 02 Aug 2001 11:51:22 -0000
Subject: [iwar] Re: China Skeptical Code Red PC Worm of Chinese Origin
Message-ID: <9kberq+93kj@eGroups.com>
In-Reply-To: <20010801141020.15769.qmail@web14502.mail.yahoo.com>

--- In iwar@y..., "e.r." <fastflyer28@y...> wrote:
>
> --- Fred Cohen <fc@a...> wrote:
> > JUL 31, 2001
> > China Skeptical Code Red PC Worm of Chinese Origin
> > By REUTERS
> > Filed at 8:27 a.m. ET [snip]
> > ``I've never heard of anything so powerful in China.
> > This is not something that an ordinary person has the
> > skill to create,'' said the expert at the State Office
> > of Network and Information Safety who gave his surname
> > as Fang.
> >
> This centralized state comp organizations along with Beijing Rising are
> China's Top Guns on Iwar. This could be some of the best OPSEC, or
> disinformation in the float, but I doubt it. While China has good CS
> people, the majority of whom we trained, it has fiscal limits and
> governmental lack of understanding. Unless the Boys from Beijing see
> you as a huge value added, you will be treated as a mass of analysts,
> no room for young guns with US training to show their stuff
> individually, for the most part.
>
> No question that Code Red is Bad Stuff but unless we have a better
> handle on who and why, we are still just fighting fires, unless a
> large cash infusion this problem is forthcoming.

I don't really think the "who" and "why" really matter right now. The "how" is the only really important question.

The "who" doesn't matter because anybody (any motivated computer geek) could do it. The rash of worms over the last year, with the exception of this code red worm, have all come out of the same mold. Many of the worms reused code from past worms and just replaced the exploit being used and the lines of code that determined what the worm did when it infected a host. Anybody who can read code and write low-level code could have (relatively easily) created a new worm (uses a different exploit to propagate). For every permutation of exploits out there (and there are thousands of exploits), a new worm is possible.

Until we are able to better patch our systems (bad solution) or create more secure systems (better, but harder solution), worms are going to continue to be a problem. Attribution will be nearly impossible and meaningless.
This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:38 PDT