ibe98765 Posted September 10, 2003 Share Posted September 10, 2003 I was corresponding with a magazine columnist about this virus and the fact that he got hit by it through a VPN company connection to his network. He now has both a hardware and has added a software firewall on each machine. I made the mistake of thinking that because I had a well buttoned down hardware firewall, I was OK (actually, I was out of town during the whole Blaster business). But I forgot that VPNs tunnel right through the firewall. In my rush to get ready for vacation, which began with my son’s wedding, I hadn’t installed the Microsoft DCOM patch and, yes, port 135 was wide open inside the firewall. Live and learn. Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted September 10, 2003 Share Posted September 10, 2003 Yes that is recommended by most security experts.*Moved to Security and Networking Quote Link to comment Share on other sites More sharing options...
Marsden11 Posted September 10, 2003 Share Posted September 10, 2003 A trusted machine is the only access through a VPN connection, regardless of the hardware firewall. So he infected himself while away? Quote Link to comment Share on other sites More sharing options...
ibe98765 Posted September 11, 2003 Author Share Posted September 11, 2003 A trusted machine is the only access through a VPN connection, regardless of the hardware firewall. So he infected himself while away?Well, his company did. Guess they didn't have the patch on either. To avoid further embarassment, I won't reveal the name of this national business magazine Quote Link to comment Share on other sites More sharing options...
Marsden11 Posted September 11, 2003 Share Posted September 11, 2003 Had he applied the patch when it was first released in July... it would have been a non-event.I suspect at some point MS will just make WU full auto and not trust users to properly take care of their machines. Quote Link to comment Share on other sites More sharing options...
ibe98765 Posted September 13, 2003 Author Share Posted September 13, 2003 Good story in CNET...----------------------------------DAVID BERLINDA day in the life of a Microsoft security patchIn 17 days, Microsoft turned the discovery of MSBlaster into a patch for that vulnerability. Most corporations wouldn't dream of putting their own 17 day-old (or less) code into production. I decided to find out how Redmond does it. Join me behind the scenes with Microsoft's Security Response Center. http://ct.com.com/click?q=4c-jxi2IZpKiktPk...RcTHv0y5ob30edR Quote Link to comment Share on other sites More sharing options...
ibe98765 Posted September 18, 2003 Author Share Posted September 18, 2003 Teenage Computer Worm Suspect Indicted in Seattle Sep 17, 8:18 PM (ET) SEATTLE (Reuters) - Jeffrey Lee Parson, the teenager suspected of creating a variant of the destructive Blaster worm, appeared in a Seattle court on Wednesday to face one count of causing damage to a computer.Parson, 18, a burly high school senior from Hopkins, Minnesota, pleaded not guilty to the charge of intentionally causing or attempting to cause damage to a computer. He faces a maximum of 10 years in prison and a $250,000 fine if convicted.According to a complaint filed in the Western District of Washington, Parson had told law enforcement officials that he created a variant of the worm, which exploited a flaw in Microsoft Corp.'s Windows software.Blaster and its variants are self-replicating Internet worms that bore through a Windows security hole, harnessing computers to launch concerted data attacks via the Internet.Parson, flanked by two federal public defenders, appeared in a gray T-shirt, jeans and sneakers. Standing over 6 feet (183 cm) tall and weighing over 300 pounds (136 kg), he sported a bleach-blond Mohawk haircut and occasionally wiped sweat from his forehead.Judge Mary Alice Theiler set the next court date for Nov. 17.Judge Theiler ordered that Parson continue to be held under house arrest, although his attorneys secured an amendment that would allow him to leave home to work in addition to being able to leave to attend school.Parson was banned from using the Internet, surfing the World Wide Web or using messaging services during his trial. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.