A Wake-up Slap for Linux Administrators

 
 
By Jim Rapoza  |  Posted 2002-09-16 Email Print this article Print
 
 
 
 
 
 
 

eLABorations: New 'Slapper' worm shows the importance of diligent patching—yet again

Right now is not a good time to try and run a secure commerce Web site, at least if youre a Web administrator who forgets to patch systems. On the heels of the late-summer discovery of security holes in both Apache and Microsofts Commerce Server, a new worm is cleverly exploiting a month-and-half-old security hole in the OpenSSL secure transactions application used by Apache and other Web servers. The Slapper worm, which specifically attacks Linux systems running Apache and is reportedly the first to use a peer-to-peer architecture to spread itself, has had little trouble finding unpatched systems to exploit (although compared to much more virulent worms such as Nimda, Slappers progress has been characterized as slow). This is despite the fact that a patch for the hole that Slapper exploits was made available the same day the hole was announced.
It used to be that Unix and Linux system administrators were much more likely to monitor, fix and patch their systems than were their Windows servers counterparts. Generally, they had a pretty good feel for the internal workings of their systems, since they had customized so much themselves.
I guess the poor patching record that Slapper is taking advantage of is an unintended consequence of the inroads Linux has made in reaching nongeek users. Even more confusing is that, according to the latest Netcraft Web server survey, administrators of secure Web servers appear to be less likely to update their servers than those administering standard Web servers. Given the fact that SSL is used to secure business transactions and sensitive information, this makes no sense at all. One would think that after all this time wake-up calls are no longer necessary, but I guess thats not the case. Its a simple fact: If there is a security hole, then someone will write something that exploits it. Its much nicer to be on the side of those who have patched and are unaffected by the ensuing worms and viruses than to be one of the victims.
And for those of you who have patched and would like to do something else to stop the spread of worms like Slapper, you might want to take a look at one of my favorite utilities, LaBrea, which prevents worms from spreading. Do administrators who fail to patch their servers get what they deserve? Let me know at jim_rapoza@ziffdavis.com.
 
 
 
 
Jim Rapoza, Chief Technology Analyst, eWEEK.For nearly fifteen years, Jim Rapoza has evaluated products and technologies in almost every technology category for eWEEK. Mr Rapoza's current technology focus is on all categories of emerging information technology though he continues to focus on core technology areas that include: content management systems, portal applications, Web publishing tools and security. Mr. Rapoza has coordinated several evaluations at enterprise organizations, including USA Today and The Prudential, to measure the capability of products and services under real-world conditions and against real-world criteria. Jim Rapoza's award-winning weekly column, Tech Directions, delves into all areas of technologies and the challenges of managing and deploying technology today.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel