Blasters Near Miss and an Apology From Microsoft
Blaster may or may not be the worm that almost ate the computing world, and there's still hot spots of variant activity. Along with an examination of Blaster's aftermath, Security Supersite Editor Larry Seltzer passes on Microsoft's apology for mishandlin
When it rains it pours. Just as IT managers and other security response personnel seemed to turn the corner on the Blaster worm (a k a LoveSAN), the issue became moot for many of us here in the Northeast as our computers shut down for lack of power. Many are still juiceless days later. But like the blackout, Blaster was a bad situation that could have been a whole lot worse and on Monday morning we can take a long look at both and breath a sign of relief. The point where Blaster lost was Friday when
Now theres always the chance that the next worm will try to launch a DOS attack on the right address, but that was always a possibility. Besides, the next worm wont likely have as great a penetration because so many more users have by now--hopefully--applied the patch.
- In an effort to encourage customers to install the critical patch associated with Microsoft Security bulletin MS03-026, Microsoft contracted a third party to manage the logistics of distributing an e-mail advisory. The timing of the e-mail coincided with a hoax Microsoft e-mail in circulation. While we continue to believe that taking additional action to promote patch application was the correct decision, we understand that the tactic was poorly executed and we are reevaluating our policies regarding the use of third parties to disseminate security information.
Now, Im not sure what the part about the "hoax" e-mail means, but overall it sounds contrite to me, and a good thing. In another step towards clarity, the Web site at email.microsoft.com no longer reads like a marketing-gobbledygook promo for Digital Impact. Instead, it offers a prominent link to a simple opt-out form. Security Supersite Editor Larry Seltzer has worked in and written about the computer industry since 1983.