<RANT>
The one thing that bothers me about this is that the vulnerability that
they are exploiting was patched almost two months ago. The day that the
vulnerability was announced, there was an easy fix: upgrade BIND to
8.2.3-REL. I did 5 servers in under an hour, and with no interruption to my
users or to the public sites. Not having time just doesn't fly here. I
can't imagine that there is anyone out there in a sysadmin or security role
that doesn't know about the vulnerability. This worm just shouldn't be able
to damage a site. If it does, then that is an easy way to spot the
sysadmins that aren't doing their jobs.
</RANT>
Kenny
At 08:48 AM 3/23/01 -0800, Ken Ambrose wrote:
>Several experts from the security community worked through the night to
>decompose the worm's code and engineer a utility to help you discover
>if the Lion worm has affected your organization.
>
>Wow -- *I've* always wanted to decompose a worm's code; Mother Nature
>strikes again! Seriously, though, this does look pretty gnarly; check out
>http://www.sans.org/y2k/lion.htm for the full scoop -- trojans, e-mails,
>password files, etc., etc., etc. Once this guy gets you, it's probably
>time to reformat your system.
>
>-Ken
>
>
>
>**********************************************************
>To unsubscribe from this list, send mail to
>[EMAIL PROTECTED] with the following text in the
>*body* (*not* the subject line) of the letter:
>unsubscribe gnhlug
>**********************************************************
-------------------------------------------------
Kenneth E. Lussier
Geek by nature, Linux by choice
PGP KeyID 0xD71DF198
Public key available @ http://pgp.mit.edu
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
