[Esd-l] Outgoing Mail

John D. Hardin jhardin at impsec.org
Tue Aug 14 07:22:58 PDT 2001


On Mon, 13 Aug 2001, Lee Howard wrote:
>
> Innocent bystanders must protect themselves. Nobody can be on the
> internet while allowing themselves to follow insecure practices
> (knowingly or not) and be considered innocent. There is an
> implicit "internet driver's license" of sorts.

ROFL!

Unfortunately that's the hugest part of the problem. Microsoft has
made it trivially easy to connect to the Internet if you're ignorant,
and by definition someone who's ignorant is *not aware* of these
issues.

Why else were so many thousands of home-user IIS servers infected by
Code Red? The "admin" was not even aware that a web server had been
installed, or that security advisory services had announced a remote
root exploit, or that a patch was available, or even in many cases
that the worm existed and had already infected them and was attacking 
others. 

Why else does SirCam continue to spread? People continue to
double-click on attachments, even though "DON'T OPEN UNEXPECTED
ATTACHMENTS!" is being shouted from the rooftops.

Why else do people getting twenty or fifty or a hundred bounces from
sanitized servers rejecting their SirCam attacks send me mail asking
what is going on and please stop sending them all these annoying
messages?

(Note please that I do distinguish between "ignorant" and "stupid.")

I respectfully suggest you give up that world view. Rosy as it is,
it's woefully unrealistic.

Further, part of your responsibility as an administrator is to do your
best to ensure your systems don't attack others' systems. This means
things like egress filters, blocking outbound traffic to certain
services like NetBIOS, RPC and NFS, and scanning for viruses in sent
mail.

(Random closing thought: integrating Passport into XP might well make
it possible to *enforce* an Internet Driver's License: "Warning: your
computer has been infected with SirCam fifteen times this month.
Microsoft Passport will not allow you to log onto the Internet until
you have attended a Remedial Safe Internet Practices course and
obtained a password indicating you've passed the minimum
requirements.")

--
 John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
 jhardin at impsec.org        pgpk -a finger://gonzo.wolfenet.com/jhardin
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  In 1998 more than three times as many people in the US were killed
  by incompetent physicians than were killed by handguns, yet the
  President of the A.M.A. is adopting "gun safety" as his platform.
-----------------------------------------------------------------------
   1176 days until the Presidential Election
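
The egress filtering recommended in the message above, as an added example (not part of the original post and not John Hardin's code): a Python check that reads iptables-save output and lists which NetBIOS, RPC and NFS ports can still leave the network. The port numbers, the eth0 interface name and the sample ruleset are assumptions constructed for illustration.

```python
# Added example: the ports, the "eth0" WAN interface and SAMPLE are constructed assumptions.
WATCHED = {
    "NetBIOS": [("udp", 137), ("udp", 138), ("tcp", 139)],
    "RPC": [("tcp", 111), ("udp", 111), ("tcp", 135)],
    "NFS": [("tcp", 2049), ("udp", 2049)],
}
SAMPLE = """\
:FORWARD ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o eth0 -p tcp -m tcp --dport 139 -j DROP
-A FORWARD -o eth0 -p udp -m udp --dport 137:138 -j DROP
-A FORWARD -o eth0 -p tcp -m multiport --dports 111,135 -j REJECT --reject-with tcp-reset
-A FORWARD -o eth0 -p tcp -m tcp --dport 2049 -j DROP
"""

def parse_rule(line):
    """Parse one '-A CHAIN ...' line into (proto, port ranges, out_if, target, extra)."""
    tok = line.split()
    proto = ranges = out_if = target = None
    extra = False
    for opt, val in zip(tok[2::2], tok[3::2]):
        if opt == "-p":
            proto = val
        elif opt == "-o":
            out_if = val
        elif opt == "-j":
            target = val
        elif opt in ("--dport", "--dports"):  # "137:139" is a range, "111,135" a list
            ranges = [tuple(map(int, (p.split(":") * 2)[:2])) for p in val.split(",")]
        elif opt != "--reject-with" and not (opt == "-m" and val in (proto, "multiport")):
            extra = True  # state, address or other matches narrow the rule
    return proto, ranges, out_if, target, extra

def egress_report(ruleset, chain="FORWARD", wan="eth0"):
    """Return {service: [(proto, port), ...]} that can still leave through `wan`."""
    lines = ruleset.splitlines()
    policy = next((ln.split()[1] for ln in lines if ln.startswith(f":{chain} ")), "ACCEPT")
    rules = [parse_rule(ln) for ln in lines if ln.startswith(f"-A {chain} ")]
    def verdict(proto, port):
        for r_proto, ranges, out_if, target, extra in rules:
            hit = not ranges or any(lo <= port <= hi for lo, hi in ranges)
            if (hit and not extra and out_if in (None, wan) and r_proto in (None, proto)
                    and target in ("ACCEPT", "DROP", "REJECT")):
                return target  # first unconditional terminating match wins
        return policy  # nothing matched, so the chain policy decides
    return {svc: [pp for pp in pairs if verdict(*pp) == "ACCEPT"]
            for svc, pairs in WATCHED.items()}

print(egress_report(SAMPLE))
```

On the sample, the TCP-only rules leave UDP 111 and UDP 2049 open under the ACCEPT policy. Rules carrying extra matches (state, source address) are skipped rather than evaluated, so an empty report does not by itself prove the filter is tight.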



More information about the esd-l mailing list