[14289] in cryptography@c2.net mail archive
Re: Reliance on Microsoft called risk to U.S. security
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Fri Sep 26 02:01:04 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Fri, 26 Sep 2003 17:52:26 +1200
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: rah@shipwright.com, rahettinga@earthlink.net
Cc: cryptography@metzdowd.com
"R. A. Hettinga" <rah@shipwright.com> forwarded:
>But the security experts said the issue of computer security had more to do
>with the ubiquity of Microsoft's software than any flaws in the software.
There was an example of a point raised in the paper the same day it was
published, when two anti-spam services (monkeys.com and compu.net) were both
DDOSed out of existence by (as the monkeys.com admin put it) "thousands of
separate zombie machines". Although the anti-spam services were (I would
assume) not running Microsoft software, Windows provided the "convenient and
susceptible reservoir of platforms from which to launch attacks". In addition
the users of the anti-spam services would be mostly Unix boxen (e.g. Postfix
users pulling in the monkeys.org hash-lists or sendmail users using the
compu.net RBL), so ironically the only systems that wouldn't be adversely
affected by this are the ones that are causing the problem.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com