[govsec] Morris Worm and a Change in Direction

jmetz at intac.com
Sat Nov 6 14:26:13 EST 2004


True, but with a sacrificial lamb, the mail server, and the redundancy of a
secondary backup server in line, this is a literally minor problem.

Communications don't go down; if the system is locked so that nothing can
be changed in the registry and NO programs are allowed to be executed, then
the problem ceases to exist.

Remember, we are discussing something that is for a system's security. The
failure to implement adequate security affected the State of New Jersey
last week on every system that the State had.

Postini does a similar job by pre-screening all mail on their own site:

http://postini.com

There are other commercial systems in operation, but they can be far too
effective, screening out desired mail (something all the services admit
does happen more often than not).

The reality is that Government cannot afford to contract out mail services.

Too many whistleblowers would never make contact if they were aware that
third or fourth parties could read or discuss their knowledge with the
people they are reporting.

So let's see: are there any other suggestions that might work in controlling
Governmental services and securing both hardware and data so that the
attackers have no way in to the servers (mail, web and ftp)?

Proactive response to the threats while maintaining open communication
with the public is the need of the Governmental public INTERNET connection;
otherwise we are going to end up in something entirely different, that is
not a democracy, not a republic.

john





>
> :     Translating content into what should be equivalent content in
> : another form is used. Some of the problems recently seen with image
> : formats containing exploits just show that there are few safe data
> : formats.
>
> It isn't just that the format isn't secure that we need to worry
> about. You propose that a system be implemented to scan and convert
> between MIME/file types. Historically, these implementations are just as
> insecure as anything else. How many vulnerabilities are there related to
> e-mail scanning systems (virus, content, etc)?
>
> : jpeg <-> gif <-> jpeg as an example could be done at the gateway to
> : clean up images and remove steganography. Likewise mp3 <-> wma <-> mp3
> : could be used to do the same.
>
> This still poses a risk. Instead of a gif or jpg being used to execute
> arbitrary code when rendered in a browser, it could just as well be
> designed to execute when processed by the engine that converts.
>
> _______________________________________________
> govsec mailing list
> govsec at attrition.org
> http://www.attrition.org/mailman/listinfo/govsec
>


