How we could have prevented an Apache worm (ZDNet)
[Posted July 3, 2002 by dave]
ZDNet gives a good history of the Apache worm.
"On the one hand, ISS jumped the gun. It should have notified only Apache, then
waited for its response before going public. But, on the other hand, ISS did a
service by exposing a zero-day exploit--those that take advantage of
vulnerabilities known only to malicious users, not the general public--and
preventing a sneak attack."
How we could have prevented an Apache worm (ZDNet)
Posted Jul 4, 2002 9:42 UTC (Thu) by BogusUser ((unknown), #1835)
The fact that ISS blurted out the warning 'too quickly' just reflects that Apache is more important on the web and perhaps also the fact that the open source community are much more keen on fixing any problems than certain other players in the market.
Personally I think they should do this every time and for everybody - it is much better that way.
Ensuring a rapid response
Posted Jul 8, 2002 4:57 UTC (Mon) by BobRobertson (guest, #2048)
I also believe that a rapid response is better, and modular software like Apache is quickly fixed once a fault is known.
I prefer to know a vulnerability once it is discovered than to not know. So combining these two I think it is just a matter of personal feeling one way or another.
I'm no hacker, so I won't ever find an exploit and have to make this decision, nor will I ever have to program a fix. The most I will ever have to do is react to a warning, and decide to take my server down or not until a fix is created. I *like* having that choice, I like knowing there is a vulnerability whether there is a fix available or not. I can take steps to protect my site, but not if I don't know an exploit exists.