From: k claffy [mailto:kc@ipn.caida.org] Sent: Tuesday, July 24, 2001 10:36 PM
almost makes me wonder if some white hat might (should?) have been behind CodeRed as some 'vaccination' attempt.
Stop wondering. IMHO "White hats" that crack into systems should be treated the same as "black hats" that crack into systems. Throw them in jail and RO them from even thinking the word "computer" ever again (A few years, on a chain-gang, might do them some good ... sun ... excersize ... daylight ... fresh air ... they might lose that pasty complexion). <from someone whom has lost way too many days cleaning up the messes after>.
This assault also demonstrates that machines operated by home users or small businesses (hosts less likely to be maintained by a professional sysadmin) are integral to the robustness of the global Internet. As is the case with biologically active
Do you always let your stereotyping lead you by the nose like this ...? Home users ... maybe. Small businesses ... not.
From: CERT Advisory [mailto:cert-advisory@cert.org] Sent: Tuesday, July 24, 2001 6:50 PM
CERT Advisory CA-2001-21 Buffer Overflow in telnetd
Original release date: July 24, 2001 Last revised: -- Source: CERT/CC
Systems Affected
Systems running versions of telnetd derived from BSD source.
How many of us here run anything less than SSH and even allow telnetd to live on any of our hosts?