Kevin Poulsen, SecurityFocus 2000-05-10
Love Letter worm was an "utter, abject failure" of industry, says one Congressman. Industry blames liberal judges.
Colapse all |
Post comment
Virus?
2000-05-11
Anonymous (1 replies)
Anonymous (1 replies)
Virus?
2000-05-11
Anonymous (1 replies)
Anonymous (1 replies)
Man. Do you know how to say it. I totally agree with you and virus writing. Just because someone writes program that could be, or is a virus, they shouldn't be punished. A virus is one of the hardest programs to write, and if you accomplish that, then you have made it.
Also, I like what you s...
[ more ] [ reply ]
Also, I like what you s...
[ more ] [ reply ]
Not a virus, a feature!
2000-05-12
Anonymous
Anonymous
ILOVEYOU was less virus and more of a user feature in Outlook that has been repeatedly exploited. In an effort to make mail possible for the viscerally hemorrhaging, the door has been left open to exploitation. It isn't a virus, it is a feature. As the congressman points out, it exploits a simila...
[ more ] [ reply ]
[ more ] [ reply ]
Well. the industry is *sort* of right....
2000-05-11
Anonymous (1 replies)
Anonymous (1 replies)
The basic problem is liability: if a company sold anything else that worked as badly as software they'd be sued into oblivion. If management lived in fear of being found grossly negligient for stuff like this the problem would
fade quite quickly.
If congress/government wants ot fix the problem ...
[ more ] [ reply ]
fade quite quickly.
If congress/government wants ot fix the problem ...
[ more ] [ reply ]
Well. the industry is *sort* of right....
2000-05-17
Anonymous
Anonymous
The analogy doesn't work at all for me.
I don't support stringient punishment for faulty software (that is not mission critical -- air traffic control, heart monitors, etc. excepted) because the severity of the crime is not that great.
I don't believe severe punishment of "virus" writers for ...
[ more ] [ reply ]
I don't support stringient punishment for faulty software (that is not mission critical -- air traffic control, heart monitors, etc. excepted) because the severity of the crime is not that great.
I don't believe severe punishment of "virus" writers for ...
[ more ] [ reply ]
laws
2000-05-11
Anonymous (1 replies)
Anonymous (1 replies)
There IS a magic bullet, common sense.
2000-05-11
Anonymous (3 replies)
Anonymous (3 replies)
We live in a networked world. ILOVEYOU and simular attacks take advantage of single user operating systems that have a high level of assumed trust. They trust that any program run on them by the user should be given full system access. the ILOVEYOU virus didn't effect unix systems because it wasn...
[ more ] [ reply ]
[ more ] [ reply ]
There IS a magic bullet, common sense.
2000-05-11
Anonymous (1 replies)
Anonymous (1 replies)
I can only agree with the previous comment. The magic bullet sits in front of every keyboard. It is unfortunate however that the "magic bullet" is not being loaded. The virus could only be spread by executing it. And in the case of ILOVEYOU it had to be opened multiple times finally executed in ...
[ more ] [ reply ]
[ more ] [ reply ]
There IS a magic bullet, common sense.
2000-05-12
Anonymous (1 replies)
Anonymous (1 replies)
I can't fully agree here. Just because you're paranoid (or smart, whatever might be the case ;) you're not 100% safe anyways. You say that one shouldn't open mails from untrusted people, but hey, this one mailed itself to people on your list, thus people you know. It didn't randomly mail itself to F...
[ more ] [ reply ]
[ more ] [ reply ]
There IS a magic bullet, common sense.
2000-05-12
Anonymous
Anonymous
Good points Stefan, The (stupid) user who opens any *.exe, *.vbs, *.js ... is the problem. Unfortunatly the "educated" user sometime does not think either. I work tech support for a US Gov agency and one of the first infections at our site was another tech supporter who got an email from a contrac...
[ more ] [ reply ]
[ more ] [ reply ]
There IS a magic bullet, common sense.
2000-05-15
Anonymous
Anonymous
Firstly, the fact that normal common sense doesn't stop this virus has been thoroughly explained in other follow-ups.
What I would like to point out is that any multi-user-Unix-like system is NOT intrinsically more secure in this case. All the access the worm would need would be to the user's loc...
[ more ] [ reply ]
What I would like to point out is that any multi-user-Unix-like system is NOT intrinsically more secure in this case. All the access the worm would need would be to the user's loc...
[ more ] [ reply ]
not a/v politics to blame
2000-05-11
Anonymous (1 replies)
Anonymous (1 replies)
with governments passing laws that shield sw makers from
criticsms and responsibility for there programs (dcma, utica wich out law reverse enginering commenting on quality of programs etc..) is it any wonder we have viruses like this running rampant
(ok well common occurances anyway) the politions...
[ more ] [ reply ]
criticsms and responsibility for there programs (dcma, utica wich out law reverse enginering commenting on quality of programs etc..) is it any wonder we have viruses like this running rampant
(ok well common occurances anyway) the politions...
[ more ] [ reply ]
Not just politics, but profits, as well.
2000-05-12
Anonymous
Anonymous
Politics plays a part, especially when incompetents such as John Hamre and Michael Vatis are given actuall credence by "news" vendors.
It plays like this:
Industry refuses to pay for real security. Angry jerk looses clumsy attack program, gets lucky. Large numbers of the clueless and unfortunat...
[ more ] [ reply ]
It plays like this:
Industry refuses to pay for real security. Angry jerk looses clumsy attack program, gets lucky. Large numbers of the clueless and unfortunat...
[ more ] [ reply ]
the surefire way not to get a virus.....
2000-05-11
Anonymous (2 replies)
Anonymous (2 replies)
here is a simple way to ensure you will never get hit by Love Letter or any other email based virus......DON'T OPEN EMAIL ATTACHMENTS!!! its that simple...
[ more ] [ reply ]
[ more ] [ reply ]
the surefire way not to get a virus.....?
2000-05-12
Anonymous
Anonymous
Do not open attachments? None of them? Here is something to ponder!
Helen, a VP in the NY office calls Herb a VP in the Tokyo office:
Herb, Helen, I'm sending you the latest Yakomoto proposal for you to look at. Frank is Fed-exing it now, you should get it early the day after tommorrow. Lo...
[ more ] [ reply ]
Helen, a VP in the NY office calls Herb a VP in the Tokyo office:
Herb, Helen, I'm sending you the latest Yakomoto proposal for you to look at. Frank is Fed-exing it now, you should get it early the day after tommorrow. Lo...
[ more ] [ reply ]
Put the blame where it belongs
2000-05-11
Anonymous (1 replies)
Anonymous (1 replies)
For congress to blame the anti-virus industry for "allowing" this to happen is ludicrous and shows the technological ignorance of the very politicians who want to leglislate the Internet.
Blaming the anti-virus industry for not having anticipated and blocked this attack is like blaming the manuf...
[ more ] [ reply ]
Blaming the anti-virus industry for not having anticipated and blocked this attack is like blaming the manuf...
[ more ] [ reply ]
Put the blame where it belongs
2000-05-11
Anonymous
Anonymous
Absolutely! Microsoft has had since Melissa to plug these holes! It is a total disregard to security, and quite frankly, Microsoft should be held mainly responsible for this. The rest of the blame is to be placed on network administrators who have a lacking sense of security by using Microsoft produ...
[ more ] [ reply ]
[ more ] [ reply ]
The US Gov. CAN'T be that stupid!
2000-05-11
Anonymous (1 replies)
Anonymous (1 replies)
I'm not trying to make a threat, but I think that the last thing the US government wants to do is fire all the now employed hardworking ex hackers out there. They can barely handle the script kiddies of the world, if even one tenth of the "fire-ees" got mad and resorted to online violence there wou...
[ more ] [ reply ]
[ more ] [ reply ]
The US Gov. CAN'T be that stupid!
2000-05-11
Anonymous
Anonymous
The government isn't stupid. You cant afford to pay the government what microsoft pays. The us already has more prisoners per capita than almost any nation in the wold by a factor of 5. What makes you think they care about doubling that given the fact that they've already decided to replace ...
[ more ] [ reply ]
[ more ] [ reply ]
How about penalizing MS for such a stupid E-mail client design
2000-05-11
Anonymous (1 replies)
Anonymous (1 replies)
Since when does E-mail need access to local client scripting? Huh?
That is so incredibly mind-numbingly dumb!!!!
Daniel...
[ more ] [ reply ]
That is so incredibly mind-numbingly dumb!!!!
Daniel...
[ more ] [ reply ]
This is ridiculous!
2000-05-11
Anonymous
Anonymous
A couple of points here:
1) While the Anti-virus industry could do a better job of preventing generic malicious code such as preventing a VB/VBA script embedded in an email from accessing an address book, such responsibility lies more largely on Microsoft for making it possible in the first plac...
[ more ] [ reply ]
1) While the Anti-virus industry could do a better job of preventing generic malicious code such as preventing a VB/VBA script embedded in an email from accessing an address book, such responsibility lies more largely on Microsoft for making it possible in the first plac...
[ more ] [ reply ]
Valuable Employees
2000-05-11
Anonymous
Anonymous
I firmly disagree with making it illegal to hire former hackers. For one, the term hacker has been widely mis-used in the media. Where do we draw the line on who is or was a hacker, or the more accurate term, cracker?
In addition, *former* crackers can be extremely valuable to companies in securi...
[ more ] [ reply ]
In addition, *former* crackers can be extremely valuable to companies in securi...
[ more ] [ reply ]
Obviously Congress's House Science Committe isn't familar with something called Civil Rights
2000-05-11
Anonymous (1 replies)
I like the ideas that the House presented, to say the least, they made me laugh. First is the idea to draft a bill to make it illegal to write a virus. How can this be one of the "few exceptions to the first ammendment," so soon after the Supreme Court just ruled that source code, and progr...
[ more ] [ reply ]
Anonymous (1 replies)
I like the ideas that the House presented, to say the least, they made me laugh. First is the idea to draft a bill to make it illegal to write a virus. How can this be one of the "few exceptions to the first ammendment," so soon after the Supreme Court just ruled that source code, and progr...
[ more ] [ reply ]
Obviously Congress's House Science Committe isn't familar with something called Civil Rights
2000-05-11
Anonymous
Anonymous
If worms were made illegal, then distributed processing would essentially
be illegal. Technically, I guess multiprocessors and parallel processing
in general could fall into that category. How does a 4096-processor cray
T3E that dispatches thousands of identical processes differ from a
worm?...
[ more ] [ reply ]
be illegal. Technically, I guess multiprocessors and parallel processing
in general could fall into that category. How does a 4096-processor cray
T3E that dispatches thousands of identical processes differ from a
worm?...
[ more ] [ reply ]
who does he think he is?
2000-05-11
Anonymous
Anonymous
what does this moron think? the reason that worm was so affective was because of people doing stuff i highly doubt companies want their employees to be doing, checking checking email that has nothing to do with the company. They think that because he's some hot shot hero of a security advisory that ...
[ more ] [ reply ]
[ more ] [ reply ]
Virus?
2000-05-11
Anonymous
Anonymous
Obviously this is an issue centered around liability. Congress has lack of sense of itself when it comes to matters that they(congress and other related government offices) have little or no control over. From those in the field, the ILU was a minor problem, just like most viruses that are written...
[ more ] [ reply ]
[ more ] [ reply ]
Awareness
2000-05-12
Anonymous
Anonymous
Many people (not all) who use Outlook don't pay attention to file extensions when opening attachments, plus aren't aware of things like VBScript.
It's the way PC software is evolving - it's made too easy, too many things are automated without the user's knowledge, and suddenly you can send execut...
[ more ] [ reply ]
It's the way PC software is evolving - it's made too easy, too many things are automated without the user's knowledge, and suddenly you can send execut...
[ more ] [ reply ]
Maybe Microsoft should be Sued for sloppy security
2000-05-12
Anonymous (1 replies)
Anonymous (1 replies)
They clearly don't stipulate in the applications that you install that certain things will make you vulnrable?
After all, all that really matters is making the sale... right?
If Microsoft made their money in service, rather than software sales, they would actually maybe care about the customer...
[ more ] [ reply ]
After all, all that really matters is making the sale... right?
If Microsoft made their money in service, rather than software sales, they would actually maybe care about the customer...
[ more ] [ reply ]
Maybe Microsoft should be Sued for sloppy security
2000-05-12
Anonymous (2 replies)
Anonymous (2 replies)
They didn't need to plug it. Why didn't these people that didn't use it simply turn it off. Oh too busy making money to learn how to use the software. and bye the way maybe if Microsoft wasn't kept busy defending it't success in the courts it could do some of the things you want. and finally if you'...
[ more ] [ reply ]
[ more ] [ reply ]
Maybe Microsoft should be Sued for sloppy security
2000-05-15
Anonymous
Anonymous
Learn from the natural world. It is VARIETY that protects life from falling to a single pestilence. Diversity is what protects life.
Microsoft promotes the "One World, One net, One program" philosophy.
What could be more dangerous to national security? world security?
It was 1] the unifo...
[ more ] [ reply ]
Microsoft promotes the "One World, One net, One program" philosophy.
What could be more dangerous to national security? world security?
It was 1] the unifo...
[ more ] [ reply ]
Maybe Microsoft should be Sued for sloppy security
2000-05-15
Anonymous
Anonymous
Microsoft's success was not based on its merit but by it abusive and illegal practices. While the latest skirmish surrounds its attempt to stomp Netscape, how many recall what MS did to WordPerfect? Under MSdos, non-MS applications were dominate, like WordPerfect and Lotus. WordPerfect was admire...
[ more ] [ reply ]
[ more ] [ reply ]
Do you honestly think that heuristics could have detected this thing?
2000-05-12
Anonymous (1 replies)
Anonymous (1 replies)
After the fact, I down-graded my anti-virus definition files (I use both Norton and NAI mainly), turned on the heuristics to their 'highest level' (meaning that I turned them on... the little slide bar with three settings actually has two... off, off, and on.). I then scanned the original lovebug v...
[ more ] [ reply ]
[ more ] [ reply ]
Do you honestly think that heuristics could have detected this thing?
2000-05-12
Anonymous
Anonymous
Then there would be no need to 'buy' upgrades.
It does seem that [in hindsight] these scanners could use a little more OS savvy, and examine [watch for] Scripting, oddball extensions, etc.
HOWEVER, just as soon as this happens, public view will once again shift, stating that there is 'too much ov...
[ more ] [ reply ]
It does seem that [in hindsight] these scanners could use a little more OS savvy, and examine [watch for] Scripting, oddball extensions, etc.
HOWEVER, just as soon as this happens, public view will once again shift, stating that there is 'too much ov...
[ more ] [ reply ]
Misinformed public
2000-05-12
Anonymous
Anonymous
Nothing shows the general public's stupididy about who the real ememies are than these comments..
"Do you have any former hackers on your staff?," Gutknecht asked England.
"We basically don't hire those people," said England -- a sentiment quickly echoed by the other three witnesses.
Do you ...
[ more ] [ reply ]
"Do you have any former hackers on your staff?," Gutknecht asked England.
"We basically don't hire those people," said England -- a sentiment quickly echoed by the other three witnesses.
Do you ...
[ more ] [ reply ]
Try this...
2000-05-12
Anonymous
Anonymous
You walk into a bar (Windows) After the usual looking around (surfing the WEB), you see someone that looks attractive and you get to talking and decided after a while that the two of you should spend the night together (you click on an e-mail that says "ILOVEYOU"). You wake up the next morning and f...
[ more ] [ reply ]
[ more ] [ reply ]
Role of the Businesses Who got Sacked
2000-05-12
Anonymous
Anonymous
Yes, ignorance was the helping factor for ILU. And as much as I blame naive users for clicking blindly, and also Microsoft for allowing vb scripts to run unseen and unwarned, there is another group that I'm astounded by for their blatent lack of help: the so-called IT professionals or sys-admins ...
[ more ] [ reply ]
[ more ] [ reply ]
oh my heavens
2000-05-12
Anonymous (1 replies)
Anonymous (1 replies)
oh my heavens
2000-05-12
Anonymous (1 replies)
Anonymous (1 replies)
No not really.
We elected them, after all.
Wizard's First Rule: People are stupid....
[ more ] [ reply ]
We elected them, after all.
Wizard's First Rule: People are stupid....
[ more ] [ reply ]
Anti-Virus companies to blame? please
2000-05-12
Anonymous (1 replies)
Anonymous (1 replies)
Which analogy to use? There are so many apt ones...
Let's blame policemen for not having preventing crimes from occurring.
Let's blame firemen for not preventing anything from catching on fire.
Let's blame drug companies for not preventing some A** H*** from tampering with the aspirin and kill...
[ more ] [ reply ]
Let's blame policemen for not having preventing crimes from occurring.
Let's blame firemen for not preventing anything from catching on fire.
Let's blame drug companies for not preventing some A** H*** from tampering with the aspirin and kill...
[ more ] [ reply ]
Criticism of AV industry and Microsoft are both justified
2000-05-17
Anonymous
Anonymous
I used to work in the Anti-Virus industry (for about six years) and when Microsoft brought out the VBScript and Scripting Host concepts I could see both the good and bad sides...
'ILuvYou', and other VBScript 'viruses' that are currently circulating, are only the tip of the iceberg. The threat o...
[ more ] [ reply ]
'ILuvYou', and other VBScript 'viruses' that are currently circulating, are only the tip of the iceberg. The threat o...
[ more ] [ reply ]
Can you make virus writing a cr...
[ more ] [ reply ]