It seems we hear about these Internet software flaws
regularly. This one was different though. The Net security community worked together to
fix this problem before it could be exploited by a DDoS, virus or worm. To me, that
is what IT professionals are for ... to cooperatively enhance information exchange ...
not to hack, crack or disrupt it.
Estimates say between 50 and 75 percent of all the
Internet’s e-mail is handled by the various versions of Sendmail, making the flaw
particularly pervasive. So Internet Security Systems,
which discovered the flaw, shared it quietly with both Sendmail developers and the US
Department of Homeland Security.
A vulnerability in such a widely used open source
program presents difficult challenges for the cyber defense community,
including the need to get more than twenty different software organizations to act
quickly and silently to develop patches.
The flaw was actually found in late December, but not
revealed until today. That gave the Department of
Homeland Security time to organize efforts that would protect against possible
attacks, including early warnings to foreign governments, federal chief information
officers, and centers that coordinate security at US infrastructure firms like power
companies and mass transit services.
Today I applaud the geek at ISS who discovered this
huge security hole and chose to improve rather than destroy. Not all superheroes
wear capes y'know.