On Thu, Jan 30, 2003 at 10:39:17AM -0800, hino(a)ccrl.sj.nec.com said:
> IIRC, MS's patches has been digitally signed by MS, and their patching
> system checks these sign silently. So, they will claim that
> compromised route info and/or DNS spoofing does not affect their
> correctness.
>
> Though, I'm not sure what will happen in key revoking situation.
interesting side note ... top of the page right now at http://www.ntk.net
details a similar problem facing MS in the UK currently. (Remember when they
forgot to renew hotmail.com, and some kind Linux geek fixed it for them ...
well, apparently their entry in the Data Protection Register (UK) expired
January 8. This means all personal data held by them in the UK is now illegal
(passport, anyone?) I wonder if something like this would be useful (or even
possible) in the US, of if it would be just another opportunity for
bureaucratic bungling ...)
> Koji
--
-= Scott Francis || darkuncle (at) darkuncle (dot) net =-
GPG key CB33CCA7 has been revoked; I am now 5537F527
illum oportet crescere me autem minui
We have completed our preliminary analysis of the spread of the
Sapphire/Slammer SQL worm. This worm required roughly 10 minutes to
spread worldwide making it by far the fastest worm to date. In the
early stages the worm was doubling in size every 8.5 seconds. At its
peak, achieved approximately 3 minutes after it was released, Sapphire
scanned the net at over 55 million IP addresses per second. It
infected at least 75,000 victims and probably considerably more.
This remarkable speed, nearly two orders of magnitude faster than Code
Red, was the result of a bandwidth-limited scanner. Since Sapphire
didn't need to wait for responses, each copy could scan at the maximum
rate that the processor and network bandwidth could support.
There were also two noteworthy bugs in the pseudo-random number
generator which complicated our analysis and limited our ability to
estimate the total infection but did not slow the spread of the worm.
The full analysis is available at
http://www.caida.org/analysis/security/sapphire/http://www.silicondefense.com/sapphire/http://www.cs.berkeley.edu/~nweaver/sapphire/
David Moore, CAIDA & UCSD CSE
Vern Paxson, ICIR & LBNL
Stefan Savage, UCSD CSE
Colleen Shannon, CAIDA
Stuart Staniford, Silicon Defense
Nicholas Weaver, Silicon Defense and UC Berkeley EECS