[NTLUG:Discuss] Real dangers of CR2

George Lass George.Lass at osc.com
Fri Aug 10 11:16:05 CDT 2001 

After reading the AT&T page, I get the idea that they are taking the
position
that anyone that is infected by CR/CR2 is violating their "subscriber
agreement".
The reason that I bring this up is that I suspect that M$ would also
take that
type of position if it ever had to defend itself in this situation.
Basically,
"we can't help it if the people using our software are using it to
violate
their subscriber agreements with their ISP's......"

George

Daniel Hauck wrote:
> 
> Here's another thing...
> 
> ---begin slashdot submission---
> <a
> href="http://help.broadband.att.com/faq.jsp?content_id=792&category_id=54">A
> T&T will be blocking port 80 for its @Home users</a> due to mass infection
> [epidemic?] of its users computers.  It's disgusting that it has come down
> to this.  So you can imagine my seething hatred of Microsoft's negligence
> surrounding this matter.  I wonder if there is an angle I can approach a
> lawsuit against Microsoft on this?  After all, I am not a EULA user.  I'm
> not running any MS servers.  I am suffering a reduction in the quality of my
> public internet access resulting from Microsoft's negligence.  I can show
> damages in this case because its negligence as a company has resulted "pain
> and suffering" for me as well as a larger population using the public
> internet.<br><br>
> 
> Frankly, I view this situation as a threat to the safety, security,
> stability and future of the internet.  This is all due to Microsoft's
> negligence in the matter of the way Microsoft has released its product.
> Maybe the EULA exempts its users from claiming damages from this situation,
> but what about users of OTHER OSes?  Like so many Slashdot users, I have
> invested a considerable amount of my time in retraining myself away from
> Microsoft computing in order to avoid the pitfalls of being a Microsoft
> user.  Now I am *STILL* falling victim to Microsoft's incompetence and I'm
> not even running the defective product myself!<br><br>
> 
> So I would like to read comments from everyone with a view on this matter.
> I want to hear arguments not only supporting my view, but more importantly,
> arguments supporting the defendant.  I fully intend to pursue this matter.
> If it grows into a class-action suit, then so be it.  I'd love the news
> media to hear about this.  If this approach, which I am sure is not
> original, has merit then I suspect Microsoft will want to settle this one
> quickly and quietly out of court anyway.<br><br>
> ---end slashdot submission---
> 
> ----- Original Message -----
> From: "Cox, Chris" <Chris_Cox at stercomm.com>
> To: <discuss at ntlug.org>
> Sent: Friday, August 10, 2001 9:57 AM
> Subject: [NTLUG:Discuss] Real dangers of CR2
> 
> > Lately the media has been downplaying the effects of
> > Code Red 2... calling it the big 'yawn' and not likely
> > to affect anything seriously.  They recognize the loss
> > it has cost so far, but believe it to be under control.
> >
> > I realize that this only affects stupid MS boxes
> > running IIS, but since this could be your neighbor,
> > your friend or even your company, I think some facts
> > should be made clear.
> >
> > Code Red 2, the one with the signature of all XX's instead
> > of the NN's places cmd.exe into the scripts and msadc
> > directories.... BUT what you may not know is also maps
> > the c: and d: drives to the virtual web space... so you
> > can execute ANY file on those drives using something
> > like
> >
> > GET /c/winnt/system32/whatever.exe HTTP/1.0
> >
> > This worm has literally affected hundreds of thousands
> > of hosts on the Internet.... the world tells them to
> > just reboot and install a patch.  However, since this
> > backdoor is put into place on the CR2 infected machines,
> > you REALLY don't know what has been done on the machine.
> >
> > The proper solution is turn off, reinstall the OS, apply
> > patch and then put the stupid host back on the net (to
> > wait for the next big worm).
> >
> > I would not trust any hosts that had CR2 on it at any
> > time.
> >
> > Sorry about the non-Linux post... but this could affect
> > everyone in a real way.
> >
> > Chris
> >
> > _______________________________________________
> > http://www.ntlug.org/mailman/listinfo/discuss
> >
> _______________________________________________
> http://www.ntlug.org/mailman/listinfo/discuss

More information about the Discuss mailing list