North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

  • From: Steven M. Bellovin
  • Date: Sun Feb 11 11:33:38 2007

On Sat, 10 Feb 2007 23:36:32 -0600
"Stasiniewicz, Adam" <[email protected]> wrote:
> Another time I was do some consulting work for a NPO.  I was going
> over the findings of my audit and I told the IT manager that all of
> his machines were missing patches.  His response: "we only install
> service packs, individual patches take too much time to install and
> tend to break more stuff than they fix".  Ironically, a month latter
> he calls me back asking for help because his network got infect with
> Blaster...

He was both right and wrong -- patches do break a lot of stuff.  He was
facing two problems: the probability of being off the air because of an
attack versus the probability of being off the air because of bad
interactions between patches and applications.  Which is a bigger risk?

It's not an easy question to answer.  One scenario that scares me is
what happens if the April Patch Tuesday takes out, say, TurboTax, just
as Americans are getting ready to file their tax returns.

There are no good answers to this question.  Of course, being an
academic I can view such problems as opportunities, and it is in fact
a major focus of my research.  Today, though, it's a serious issue for
system managers.

		--Steve Bellovin,