I was not involved with American Express, CNN, or the SD Courts, and I don't have any knowledge of those specific incidents; however, some of the "others" you imply or do not name specifically I was involved with. One government example was shut down for a few days for major architectural changes to the network security infrastructure at about that time. The cleanup/disinfection/forensic investigation performed for the cracked systems was handled in the traditional way without delay or extraordinary effort. But those that handled the security compromise illustrated to the organization's management how likely it was that they would get owned again immediately and how irresponsible their current setup was given the type of data stored and transmitted.

I was impressed with how quickly a government office approved the proposed fixes, which involved budgetary commitments and operational changes including 24x7 human monitoring of intrusion detection/prevention systems and firewalls for both ingress and egress traffic. The corrections were made within a week of that, and portions were shut down instantly until that work was done. This was a responsible, preventative response to shut down. The way I read your description made it sound like they spent days fighting their computers. It's not the way the projects I was involved in happened.

I hate Windows as much as the next guy, but in this case that I speak of, even if they had all been running non-Windows OSes, they would have been owned. The fact that they were owned and discovered it kicked off the recovery and redesign and the temporary shutdown. Given the services exposed to the Internet, the degree of maintenance and the general awareness there, it was a train wreck waiting to happen. It happened. It has been very nicely taken care of. :o)
BTW - it's just bot or `bot, not BOT. It's short for robot, not an acronym. :o)

On Mon, 2008-05-05 at 10:35 -0700, Doug LaRue wrote:
> ** Reply to message from Tracy R Reed <[EMAIL PROTECTED]> on Sun, 04 May 2008 21:22:05 -0700
>
> > I agree. We shouldn't be worried about the Chinese hacking our systems via the Internet. We should be worried about them taking advantage of something like this and conducting industrial espionage on a grand scale. Why don't Qualcomm or any of the local companies who supposedly strongly protect their "IP" worry about this?
>
> I don't know if you remember this, but a few years ago there was an exploit published for Windows which came through Internet Explorer. IIRC, it might have been the WMF exploit. Microsoft did not provide a patch for this for a number of months and could only recommend that the browser be locked down so much that a number of standard Windows "features" no longer worked, and that was all we heard from them for a few months. In a conversation at that time with American Express and one of my other credit card processing vendors, I asked if, while they were managing my account, they used MS Internet Explorer and if they also had/used it for internet access. They said yes. When asked why they would be doing this and risking the loss of my financial records, they insisted that there was no way their security people would risk their customers' data. It did not matter what I said regarding this.
>
> FYI, there's an article out on how China is known to be actively 'poking' at Indian networks and that BOTs, keyloggers, and network mapping are the primary tools used. BOTs and keyloggers only work once you are inside the system. And that story I mentioned above: about a year later, American Express, CNN, many San Diego City departments and corporations around the country were shut down for a few days because an undetected BOT was in their computers. They only found out about it because the BOT would cause some versions of Windows and patches to reboot, i.e., the BOT software crashed the OS.
>
> So there is constantly evidence of not only major flaws in Microsoft's software and their slow response to these, but also a willingness to accept this as the norm and do little about it, both in the private sector and the government sector. Did you know the San Diego County Courthouse just had their computer systems shut down for a week because of a Windows infection? Do you even think anyone is talking about a more secure and reliable platform? I don't.
>
> Sometimes, evidence is actually an accumulation of facts showing past practices, which lends validity to even quickly hidden stories such as the NSA keys.
>
> Doug

-- 
************************************************************
Michael J. McCafferty
Principal, Security Engineer
M5 Hosting
http://www.m5hosting.com
You can have your own custom Dedicated Server up and running today !
RedHat Enterprise, CentOS, Ubuntu, Debian, OpenBSD, FreeBSD, and more
************************************************************

-- 
KPLUG-List@kernel-panic.org
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list