Monday, August 4, 2003
15:52 - We Love the Leader!
Yesterday, the reporters on KCBS were running as their topmost story a breathless, bowled-over commentary on the latest e-mail worm to travel through all our inboxes-- the "admin@yourhost.com" one-- and how Microsoft has so amazingly quickly "nipped it in the bud".
The worm in question is the one that goes like this:
From: admin@grotto11.com
Date: Mon Aug 4, 2003 3:19:05 PM US/Pacific
To: Btman
Subject: your account eioeofao
Reply-To: admin@grotto11.com
Attachments: There is 1 attachment
Hello there,
I would like to inform you about important information regarding your email address. This email address will be expiring. Please read attachment for details.
--- Best regards, Administrator eioeofao
And of course there's a bright, shiny, candy-like attachment for you to double-click on, thereby infecting your computer and sending out another few thousand copies of itself to anybody your machine has ever had contact with.
The news said that Microsoft had posted a fix "within an hour" of the exploit being reported. They ran interviews with "technology consultants" and "security experts" who professed to being astonished by Microsoft's response, hailing it as a clear demonstration of how far they've leaped forward in embracing security as a prime business concern.
Nary a word about how they plan to apply the fix to all the millions of Outlook installations in the world, or address the fact that my inbox is still filling with about twenty of these a day.
This story, by the way, was a major turnaround from how KCBS normally covers such news. Usually they point out how posting a fix is not the same thing as stopping the spread of a virus or worm, and how the real indicator of increased commitment to security is when fewer of these vulnerabilities appear in Microsoft software in the first place. Usually they get someone to phone in a few sound-bites about "genies" and "bottles" and "monopolies that don't have any incentive to provide secure software, because what are you gonna do-- not run Windows?"
So why the sudden change? Did their whole news staff suddenly forget what security is about? Or did someone drop a suspiciously heavy brown paper bag in an alley behind the station?
I'd be interested in knowing if they'll follow this up with a story about how quickly Microsoft posted fixes for the Code Red and Nimda vulnerabilities.
"Why, they were so foresighted, they posted fixes six months before the exploits started to break out!"
Tireless warriors on the wrong front.