[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

worm warning?

To: iesg@ietf.org
Subject: worm warning?
From: Steve Bellovin <smb@research.att.com>
Date: Mon, 03 Nov 2003 01:31:17 -0500

I think that we should send something like the following to 
ietf-announce.  I'm especially interested in the first paragraph.
(If anyone wants to wordsmith it, feel free; I'll be offline most of 
Monday and Tuesday, and won't be able to respond.)


Worm Warning

If you use a Windows laptop, please make sure that it has the full set 
of security patches.  Additionally, *please* scan it to be sure that 
it's not currently infected -- the wireless net at NANOG was more or 
less non-functional the first morning because of aggressive scanning 
activity by infected machines.

Also remember that neither wireless nor wired networks are at all 
secure.  Please use appropriate cryptographic mechanisms for any 
sensitive traffic, including (of course) email passwords.  There has 
been "black hat" malicious activity from within the IETF net in the past,
including session hijacking.

		--Steve Bellovin, http://www.research.att.com/~smb

Follow-Ups:
- Re: worm warning?
  - From: Randy Bush <randy@psg.com>

Prev by Date: RE: [Gen] Thinking about adding a new person to the IESG
Next by Date: Re: Last Call: 'A Guide to Implementing Stateless DHCPv6 Service' to Proposed Standard
Previous by thread: Re: Last Call: 'Maximum Transmission Unit Signalling Extensions for the Label Distribution Protocol' to Proposed Standard
Next by thread: Re: worm warning?
Index(es):
- Date
- Thread