CNET News.com

Get more news with News.com Extra.
Advanced Search

Waiting for the worm to turn up

Last modified: August 1, 2003, 4:21 PM PDT
By Robert Lemos
Staff Writer, CNET News.com
Print story E-mail story Your take

reporter's notebook LAS VEGAS--With all the black clothes and fatalism, security researchers here might as well be attending a conference on late Russian authors.

The black clothes go with the security territory at the Black Hat Security Briefings; the fatalism comes from waiting for a worm writer to take advantage of a widespread Windows vulnerability.

The vulnerability, in a component of Microsoft's operating system that allows people to remotely access certain functions on a computer--such as printing and file sharing--was made public by the software giant on July 16. Nine days later, a hacking group in China and an American security researcher released code that exploits the flaw.

Security experts are now just waiting for the other shoe to fall. The fear: The DefCon hacker convention being held this weekend will be the trigger for some online vandal to write a worm.

"Oh yeah, there is a lot of awareness right now," said Marcus Sachs, cybersecurity program director for the U.S. Department of Homeland Security. "We definitely have the three watches paying attention."

The three watches are the Federal Computer Incident Response Center (FedCIRC), the National Communications System (NCS) and the National Infrastructure Protection Center (NIPC).

The Department of Homeland Security issued an alert earlier this week warning companies and government agencies to lock down their systems.

"Because of the significant percentage of Internet-connected computers running Windows operating systems and using high-speed connections (DSL or cable, for example), the potential exists for a worm or virus to propagate rapidly across the Internet carrying payloads that might exploit other known vulnerabilities in switching devices, routers or servers," the agency warned.

Microsoft personnel at the conference also carried an air of fatalism about the worm. Members of the Secure Windows Initiative said that the company was on watch. Other sources indicated that the company was taking extraordinary steps, such as requiring employees to patch their machines quickly or risk being disconnected from the corporate network.

The software giant had been hit hard by the SQL Slammer worm, a self-spreading program that took advantage of a six-month-old flaw that even Microsoft hadn't completely excised from its systems.

A security manager from a large financial firm said that the patching process was being slowed by the large number of computers that had to be fixed.

"We are making progress," he said. "But we still only have half our systems patched."

The gloomy outlook is not universal. A systems administrator for a university research institute said that his group had machines patched and had added firewall rules to limit the potential of being hit.

"If we aren't ready now, we never will be," he said.

Your take Have an opinion on this story? Share it with other News.com readers.

White papers, Webcasts and case studies about securityMore results
Your take
Post a comment


No discussion exists, click here to start it.



toshibadirect.com





Latest Headlines

Copyright 2004 CNET Networks, Inc. All Rights Reserved. Privacy Policy | Terms of Use