Re: [iwar] Re: China Skeptical Code Red PC Worm of Chinese Origin

From: e.r. (fastflyer28@yahoo.com)
Date: 2001-08-03 10:13:54



I disagree that "who" is totally meaningless in this equation.
"Who" will determine how things are done in most cases involving foreign
military.  That is why FME is an important field, but I give you points
for your argument.



--- ellisd@cs.ucsb.edu wrote:
> --- In iwar@y..., "e.r." <fastflyer28@y...> wrote:
> > 
> > --- Fred Cohen <fc@a...> wrote:
> > > JUL 31, 2001
> > > China Skeptical Code Red PC Worm of Chinese Origin
> > > By REUTERS
> > > Filed at 8:27 a.m. ET
> [snip]
> 
> > > ``I've never heard of anything so powerful in China.
> > > This is not something that an ordinary person has the
> > > skill to create,'' said the expert at the State Office
> > > of Network and Information Safety who gave his surname
> > > as Fang.
> > > 
> > These centralized state comp organizations, along with Beijing Rising,
> > are China's Top Guns on Iwar.  This could be some of the best OPSEC, or
> > disinformation in the float, but I doubt it.  While China has good CS
> > people, the majority of whom we trained, it has fiscal limits and
> > governmental lack of understanding.  Unless the Boys from Beijing see
> > you as a huge value added, you will be treated as a mass of analysts,
> > no room for young guns with US training to show their stuff
> > individually, for the most part.
> > 
> > No question that Code Red is Bad Stuff but unless we have a better
> > handle on who and why, we are still just fighting fires, unless a
> > large cash infusion for this problem is forthcoming.
> 
> I don't really think the "who" and "why" really matter right now.  The
> "how" is the only really important question.  The "who" doesn't matter
> because anybody (any motivated computer geek) could do it.  The rash
> of worms over the last year, with the exception of this code red worm,
> have all come out of the same mold.  Many of the worms reused code
> from past worms and just replaced the exploit being used and the lines
> of code that determined what the worm did when it infected a host.
> Anybody who can read code and write low-level code could have
> (relatively easily) created a new worm (uses a different exploit to
> propagate).  For every permutation of exploits out there (and there
> are thousands of exploits), a new worm is possible.  Until we are able
> to better patch our systems (bad solution) or create more secure
> systems (better, but harder solution), worms are going to continue to
> be a problem.  Attribution will be nearly impossible and meaningless.
> 
> 
> 





This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:39 PDT