[209] in Security FYI
[Security-fyi] Recent Worm-related disables
daemon@ATHENA.MIT.EDU (Bob Mahoney)
Fri Aug 22 19:46:32 2003
Mime-Version: 1.0
Message-Id: <p05200f03bb6c576fc0d6@[18.18.1.170]>
Date: Fri, 22 Aug 2003 19:43:45 -0400
To: security-fyi@MIT.EDU, itpartners@MIT.EDU
From: Bob Mahoney <bobmah@MIT.EDU>
Content-Type: text/plain; charset="us-ascii"
Errors-To: security-fyi-bounces@mit.edu
Rough FYI...
We still have a large machines on the net that are compromised, but have not yet been removed.
Of these, we have sent notifications of the problem to about 250 users. Our mail to them suggests they unplug the machines and proceed to clean up. We will disable unmanaged hosts after we catch upon restores.
We have less than 50 machines still off, where the user has requested to be turned back on. Due to staff overload and the significant mailhub delays of late, some of these users have waited much longer than any of us would like.
Please understand that we are doing all that we can, and that we do understand the impact on departments and individuals.
While some small amount of work will likely continue over the weekend, many of the people who have been on this task will be unavailable in the coming week. To address this, we will be putting a team of new workers *solely on restorations* after training on Monday.
I will be away this next week, and Linda LeBlanc will be supervising the ongoing effort. She will be able to contact me if necessary.
Factoid for your amusement: A test machine not patched for this vulnerability was placed on the network today. It was compromised in less than 1 minute...
-Bob
_______________________________________________
Security-fyi mailing list
Security-fyi@mit.edu
http://mailman.mit.edu/mailman/listinfo/security-fyi
