[Esa-l] Outgoing Mail

Michael Geier, CDM Systems Admin mgeier at cdmsports.com
Tue Aug 14 07:41:51 PDT 2001

yes, I can see it now...

now part of the curriculum for BS in Business Administration, Remedial
Internet 101

	Remedial Internet 101
	"Basic steps to using the internet, including:
		Netiquette, or "removing your CAPS-LOCK key in 3 easy steps"
		Email Theory, or "no, UCE is not an educational institution"
		Web Design Theory, or "why your designer is saying NO! to the <blink> tag"
		Web Server Theory, or "why Apache IS better than IIS"
		Fluid Dynamics, or "buying rounds for your Sysadmin so he doesn't expose your p0rn collection"

	3 credit hrs."

Michael Geier
CDM Sports, Inc. - Systems Administrator
    email: mgeier at cdmsports.com
    phone: 314.991.1511 x 6505
    pager: 314.318.9414

-----Original Message-----
From: esa-l-admin at spconnect.com [mailto:esa-l-admin at spconnect.com] On Behalf Of John D. Hardin
Sent: Tuesday, August 14, 2001 9:23 AM
To: Email Security Announce list
Subject: RE: [Esa-l] Outgoing Mail

On Mon, 13 Aug 2001, Lee Howard wrote:
> Innocent bystanders must protect themselves. Nobody can be on the
> internet while allowing themselves to follow insecure practices
> (knowingly or not) and be considered innocent. There is an
> implicit "internet driver's license" of sorts.


Unfortunately that's the hugest part of the problem. Microsoft has
made it trivially easy to connect to the Internet if you're ignorant,
and by definition someone who's ignorant is *not aware* of these

Why else were so many thousands of home-user IIS servers infected by
Code Red? The "admin" was not even aware that a web server had been
installed, or that security advisory services had announced a remote
root exploit, or that a patch was available, or even in many cases
that the worm existed and had already infected them and was attacking

Why else does SirCam continue to spread? People continue to
double-click on attachments, even though "DON'T OPEN UNEXPECTED
ATTACHMENTS!" is being shouted from the rooftops.

Why else do people getting twenty or fifty or a hundred bounces from
sanitized servers rejecting their SirCam attacks send me mail asking
what is going on and please stop sending them all these annoying

(Note please that I do distinguish between "ignorant" and "stupid.")

I respectfully suggest you give up that world view. Rosy as it is,
it's woefully unrealistic.

Further, part of your responsibility as an administrator is to do your
best to ensure your systems don't attack others' systems. This means
things like egress filters, blocking outbound traffic to certain
services like NetBIOS, RPC and NFS, and scanning for viruses in sent

(Random closing thought: integrating Passport into XP might well make
it possible to *enforce* an Internet Driver's License: "Warning: your
computer has been infected with SirCam fifteen times this month.
Microsoft Passport will not allow you to log onto the Internet until
you have attended a Remedial Safe Internet Practices course and
obtained a password indicating you've passed the minimum

 John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
 jhardin at impsec.org        pgpk -a finger://gonzo.wolfenet.com/jhardin
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
  In 1998 more than three times as many people in the US were killed
  by incompetent physicians than were killed by handguns, yet the
  President of the A.M.A. is adopting "gun safety" as his platform.
   1176 days until the Presidential Election