Return-Path: <sentto-279987-1547-996858921-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Fri, 03 Aug 2001 10:17:14 -0700 (PDT) Received: (qmail 695 invoked by uid 510); 3 Aug 2001 16:17:41 -0000 Received: from n20.groups.yahoo.com (216.115.96.70) by 204.181.12.215 with SMTP; 3 Aug 2001 16:17:41 -0000 X-eGroups-Return: sentto-279987-1547-996858921-fc=all.net@returns.onelist.com Received: from [10.1.4.52] by c9.egroups.com with NNFMP; 03 Aug 2001 17:15:22 -0000 X-Sender: fastflyer28@yahoo.com X-Apparently-To: iwar@yahoogroups.com Received: (EGP: mail-7_2_0); 3 Aug 2001 17:15:21 -0000 Received: (qmail 58019 invoked from network); 3 Aug 2001 17:13:56 -0000 Received: from unknown (10.1.10.142) by m8.onelist.org with QMQP; 3 Aug 2001 17:13:56 -0000 Received: from unknown (HELO web14501.mail.yahoo.com) (216.136.224.64) by mta3 with SMTP; 3 Aug 2001 17:13:56 -0000 Message-ID: <20010803171354.38494.qmail@web14501.mail.yahoo.com> Received: from [12.78.118.20] by web14501.mail.yahoo.com; Fri, 03 Aug 2001 10:13:54 PDT To: iwar@yahoogroups.com In-Reply-To: <9kberq+93kj@eGroups.com> From: "e.r." <fastflyer28@yahoo.com> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Fri, 3 Aug 2001 10:13:54 -0700 (PDT) Reply-To: iwar@yahoogroups.com Subject: Re: [iwar] Re: China Skeptical Code Red PC Worm of Chinese Origin Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit I disagree that "who" is totally meaningless in this equation. Who-will determine how things are done in most cases involving foreign military. That is why FME is an important field, but I give you points for your argument. --- ellisd@cs.ucsb.edu wrote: > --- In iwar@y..., "e.r." <fastflyer28@y...> wrote: > > > > --- Fred Cohen <fc@a...> wrote: > > > JUL 31, 2001 > > > China Skeptical Code Red PC Worm of Chinese Origin > > > By REUTERS > > > Filed at 8:27 a.m. ET > [snip] > > > > ``I've never heard of anything so powerful in China. > > > This is not something that an ordinary person has the > > > skill to create,'' said the expert at the State Office > > > of Network and Information Safety who gave his surname > > > as Fang. > > > > > This centralized state comp organizations along with Bejong Rising > are > > China's Top Guns on Iwar. This could be some of the best OPSEC, or > > disinformation in the float, but I doubt it. While China has good > CS > > people, the majority of whom we trained, it has fiscal limits and > > governmental lack of understanding. Unless the Boys from Bejing > see > > you as a hugh vlaue added, you will be treated as a mass of > analysts, > > no room for young guns with us training to show their stuff > > individually, for the most part. > > > > No question that Code Red is Bad Stuff but unless we have a better > > handle on who and why, will are still just fighting fires, usless a > > large cash infusion this problem is fothcomming. > > I don't really think the "who" and "why" really matter right now. > The > "how" is the only really important question. The "who" doesn't > matter > because anybody (any motivated computer geek) could do it. The rash > of worms over the last year, with the exception of this code red > worm, > have all come out of the same mold. Many of the worms reused code > from past worms and just replaced the exploit being used and the > lines > of code that determined what the worm did when it infected a host. > Anybody who can read code and write low-level code could have > (relatively easily) created a new worm (uses a different exploit to > propagate). For every permutation of exploits out there (and there > are thousands of exploits), a new worm is possible. Until we are > able > to better patch our systems (bad solution) or create more secure > systems (better, but harder solution), worms are going to continue to > > be a problem. Attribution will be nearly impossible and meaningless. > > > __________________________________________________ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ ------------------------ Yahoo! Groups Sponsor ---------------------~--> Small business owners... Tell us what you think! http://us.click.yahoo.com/vO1FAB/txzCAA/ySSFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:39 PDT