[Esa-l] Outgoing Mail

Simon Matthews simon at paxonet.com
Tue Aug 14 09:17:29 PDT 2001


Have you read the exploits of the BOFH, posted on www.theregister.co.uk?


At 09:41 AM 8/14/01 -0500, Michael Geier, CDM Systems Admin wrote:
>yes, I can see it now...
>now part of the curriculum for BS in Business Administration, Remedial
>Internet 101
>         Remedial Internet 101
>         "Basic steps to using the internet, including:
>                 Netiquette, or "removing your CAPS-LOCK key in 3 easy steps"
>                 Email Theory, or "no, UCE is not an educational institution"
>                 Web Design Theory, or "why your designer is saying NO! to 
> the <blink> tag"
>                 Web Server Theory, or "why Apache IS better than IIS"
>                 Fluid Dynamics, or "buying rounds for your Sysadmin so he 
> doesn't expose
>your p0rn collection"
>         3 credit hrs."
>Michael Geier
>CDM Sports, Inc. - Systems Administrator
>     email: mgeier at cdmsports.com
>     phone: 314.991.1511 x 6505
>     pager: 314.318.9414
>-----Original Message-----
>From: esa-l-admin at spconnect.com [mailto:esa-l-admin at spconnect.com]On
>Behalf Of John D. Hardin
>Sent: Tuesday, August 14, 2001 9:23 AM
>To: Email Security Announce list
>Subject: RE: [Esa-l] Outgoing Mail
>On Mon, 13 Aug 2001, Lee Howard wrote:
> >
> > Innocent bystanders must protect themselves. Nobody can be on the
> > internet while allowing themselves to follow insecure practices
> > (knowingly or not) and be considered innocent. There is an
> > implicit "internet driver's license" of sorts.
>Unfortunately that's the hugest part of the problem. Microsoft has
>made it trivially easy to connect to the Internet if you're ignorant,
>and by definition someone who's ignorant is *not aware* of these
>Why else were so many thousands of home-user IIS servers infected by
>Code Red? The "admin" was not even aware that a web server had been
>installed, or that security advisory services had announced a remote
>root exploit, or that a patch was available, or even in many cases
>that the worm existed and had already infected them and was attacking
>Why else does SirCam continue to spread? People continue to
>double-click on attachments, even though "DON'T OPEN UNEXPECTED
>ATTACHMENTS!" is being shouted from the rooftops.
>Why else do people getting twenty or fifty or a hundred bounces from
>sanitized servers rejecting their SirCam attacks send me mail asking
>what is going on and please stop sending them all these annoying
>(Note please that I do distinguish between "ignorant" and "stupid.")
>I respectfully suggest you give up that world view. Rosy as it is,
>it's woefully unrealistic.
>Further, part of your responsibility as an administrator is to do your
>best to ensure your systems don't attack others' systems. This means
>things like egress filters, blocking outbound traffic to certain
>services like NetBIOS, RPC and NFS, and scanning for viruses in sent
>(Random closing thought: integrating Passport into XP might well make
>it possible to *enforce* an Internet Driver's License: "Warning: your
>computer has been infected with SirCam fifteen times this month.
>Microsoft Passport will not allow you to log onto the Internet until
>you have attended a Remedial Safe Internet Practices course and
>obtained a password indicating you've passed the minimum
>  John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
>  jhardin at impsec.org        pgpk -a finger://gonzo.wolfenet.com/jhardin
>   768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76
>  1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
>   In 1998 more than three times as many people in the US were killed
>   by incompetent physicians than were killed by handguns, yet the
>   President of the A.M.A. is adopting "gun safety" as his platform.
>    1176 days until the Presidential Election
>E-mail Security Announce list mailing list
>E-mail Security Announce list at spconnect.com
>E-mail Security Announce list mailing list
>E-mail Security Announce list at spconnect.com

More information about the esd-l mailing list