Experts anxious over possible Net attack

[MemorY]

Government and industry experts are increasingly concerned about brewing hacker activity they consider a precursor to a broad Internet attack that will target a serious flaw in Windows software from Microsoft.

http://www.cnn.com/2003/TECH/interne....ap/index.html

[Gwala]

Just a potential concept, but the current pubically 'availible' information suggests wide flaw in windows, I am suspicious this may be affecting the recent windows RPC bug discovered by LSD, as it is widely unpatched, and easily exploited. Most likely, if anything comes of this, it will be soon, before said flaw is patched.

Of course, on the other hand - it could be just hype. I'm yet to see convincing evidence of an attack, nor any discussion outside the media.

-Adam

[Maverick811]

Hype or not? Who knows for sure.. Obviously the RPC flaw is critical, obviously all users (system admins, home users, etc) need to patch their affected versions of Windows, there is no doubt about that. But will there be some major attack by the kiddies, pros, etc? I just don't know.. I understand that tools and such are being developed and perfected so they can take advantage of this flaw, but I just don't know if this widescale attack is going to happen..

Nevertheless, there is most certainly reason to be concerned, because this flaw could be huge.. Therefore I can't fault anyone (Experts, government, etc.) about getting anxious over the possibility of widescale attacks.. Better safe than sorry, right?

Best thing to do is patch, patch, patch...

[Syini666]

Heres another good article on the impact of the exploit and the potential for worms to be written taking advantage of the hole.

Waiting For The Worms

Its pushing the idea that there will be worms using the exploit by xmas of this year. Should be interesting to see if it lives up to all the hype, or fizzles out?

[jxrry59]

Hackers using M$ security flaws for an attack, officials worried, sounds like some desk jockey needed to get something published.

[DeadAddict]

I expect a few attacks but nothing on a wide scale provided that a patch is made and it does not make another problems arise

[Gurou]

yeah they also talk about the new exploit that targets various windows platforms (48)

Whereas the original DCOM RPC exploit code worked only on machines running English language versions of Windows 2000, recent modifications show that the code has been adapted to exploit the same vulnerability on French, Chinese, Polish, German and Japanese versions of Windows 2000, XP and NT. (See http://www.k-otik.com/exploits/07.30.dcom48.c.php )

news from computerweekly -

[8*B@LL]

Originally posted here by DeadAddict
I expect a few attacks but nothing on a wide scale provided that a patch is made and it does not make another problems arise

Yes, there is a patch available, but how many XP users do you think actually keep up to date on patches? I'd guess not that many.

If a worm were properly designed this could easily surpass anything nimda or code red ever did, because it effects home users who are much less likely to patch than sys admins are.

[spetard]

there are paches for xp but howmany users will apply them? not to manny if they have to do it themselves, if the auto update bubble comes up they will always do it later because they are busy or dont want to have to restart there computer this is one of the reasons your company has to have a good security policy and pach mamangement policies in place and make sure that users actualy follow them

[ommy]

ummm...yes I agree...I think its just a media hype....system administrators are wise enough to make installl patches....
i dunno ....may be some commercial benefits behind this hype...