
A Marathon, Not A Sprint

Our scanners improve! A new nmap Beta 7 is out (Windows, OSX, Source), with slightly more accurate scan logic, researched by Renaud Deraison of Nessus. This tends to find a few extra boxes per network, so it’s definitely worth grabbing. It doesn’t take too much work to spin up another scan, and heh, it’s an opportunity to play with ndiff, the nmap diffing engine.

McAfee also has a really nice Windows-based scanner out the door — check it out.

Of course, you may be thinking: The world didn’t come to an end. Clearly, this whole thing was just a Y2K hypefest. I’m sorry the bad guys aren’t quite the eschatologists some people would like them to be, but somebody’s been investing extraordinary amounts of resources making a worm very difficult to kill. It’s not like there was a contingent of rogue coders, sitting around figuring out where they could put two-character date fields after January 1st, 2001. There’s a bad guy out there, and while we shouldn’t panic, we shouldn’t quite ignore the situation either. Botnets — even much smaller botnets than would otherwise have been created, thanks to rapid patching and automatic updates by Microsoft — are big business. As my friend Jason Larsen says, it’s not about ownage, it’s about continued ownage.

What to do? That’s what makes these scanners nice. They represent clean, actionable, operationally viable guidance for IT staff that aren’t exactly bursting at the seams with free time. I continue to be appreciative of all the developers who worked this last weekend to push Tillmann and Felix’s code into their products. It goes a long way towards moving us closer to less fear, more certainty, and no doubt.

Categories: Security
  1. April 2, 2009 at 11:09 am

    I think most of us agreed that 4/1 was not going to be an isolated, amazingly incident-laden day that would shake our foundations, but rather just a subtle shift that illustrates a sort of evolution of not just a worm, but of the sophistication of the adversaries.

    In the end, the media storm was silly, in fact, stupid. But we can at least thank them for whatever increased awareness we gained either in consumerland, our bosses for budget considerations, or the trenches in checking our patch status. (And can make us look smurt when we disagree with media with good reason!) Obviously we need this, as Conficker’s existence well beyond patch day (hell it was MADE after patch day) illustrates the gap.

    So, non-event, but thanks for the exposure media outlets!

  2. Yin
    April 2, 2009 at 2:50 pm

    Well put, Dan,

    Y2K doesn’t have anything on Conficker, because we knew why Y2K existed and how it could be fixed.

    Whereas Y2K was not deliberate (a bug), Conficker is (a worm).
    There is a large difference between the two and I do not see any sense in calling it the “Y2K of now”
