Sunday, February 01, 2004
I was just cruising my news after the dramatic win by the Patriots in Super Bowl XXXVIII and was amazed to see more security news about MyDoom than ever. A quote from Jason Meserve at NetworkWorldFusion caught my attention. "It still amazes me that viruses that rely on someone opening an e-mail and executing an unknown attachment continue to work," states Meserve. Have the so-called security experts employed by ISPs, businesses, and government fallen asleep at the wheel? Apparently. Any organization that gets hit by a mass mailing worm should summarily fire their security staff, especially when tools and methods abound to protect you against these beasts.

Here are two very good resources for protecting yourself and your network against mass mailing worms and viruses from the guys at Slipstick Systems:

Here is Microsoft's official word on detection, prevention, and recovery if you are hit by MyDoom.

The propagation of viruses and worms like MyDoom and Sobig points not only to the deficiencies in Microsoft products, but also to the deficiencies in IT operations. Configuration, patch, and security management are the areas that need more focus to prevent these viruses and worms from spreading. Unfortunately, not many IT types like to step back and really think through what it takes to run their shop. Nor does stepping back and thinking about operations receive much support from management. If it did, we wouldn’t be looking at billions of dollars of losses when these viruses hit. These things only get bigger each time they hit. What’s it going to take?

I wonder if there is any data out there that can tell you if the same organizations that bore the brunt of Sobig are also bearing the brunt of MyDoom? Wouldn’t that be interesting?

 
I've been exploring ways to get off Radio this past week since experiencing some severe pains posting while traveling this last week and over the weekend. I'm still experiencing pains. I don't expect this post to show up on the site for some hours as a result of having to start and stop FTP upstreaming to complete an entire site upstream. I have found a bunch of scripts that migrate users from Radio to MoveableType. This is the most helpful post I found, as it references the origins of most Radio to MoveableType scripts. I was unable to get it to run properly because of the way it was looking for and parsing dates. I discovered this script actually parses the local HTML copy that Radio can produce when the “Keep local backup” preference is turned on. This script should be parsing the files produced by the “Archiving in XML” preference instead. These files have a predictable structure that prevents having to write any fancy parsing algorithms. You will still have to convert the date, as Radio uses a funky format. The one thing I have not yet figured out is how to move comments from the Radio system to the standalone MoveableType system.
 
I've been having some conversations with people and thinking about the US Government's creation of US-CERT. Despite what the government says, I still believe it is a takeover of the CERT organization at Carnegie Mellon. CERT has traditionally received a very high percentage of its funding from the US National Science Foundation or other US Government agencies. To the credit of the US Government, they recognized a valuable asset that they were paying for but not fully leveraging, and are making moves to leverage it to protect the nation’s infrastructure. What kind of protection or how they will protect the nation’s infrastructure has yet to be publicly disclosed. I hope that changes in the types of reporting, announcements, and analysis are more immediately forthcoming.
 

This work is licensed under a Creative Commons License.