Woe to those who ignore the security patch. Technology history is filled with opportunities to say “I told you so.” A golden example is the story of the “Sadmind/IIS worm” of 2001. Learn more in this edition of Tech Time Warp.
Even the initial May 8, 2001, alert from the Computer Emergency Response Team (CERT) Division at Carnegie Mellon University tiptoed close to “I told you so,” pointing out how long applicable security patches had been available. As CERT Advisory CA-2001-11 (see page 65 of the PDF) explained, Sadmind entered the system through a two-year-old buffer overflow vulnerability in Sun Microsystems’ Solaris operating system. It then exploited a seven-month-old security flaw in Microsoft’s Internet Information Server (IIS). Patches addressing each issue had long been available from their respective providers.
Geopolitical tensions and a missed warning
Once Sadmind (also known as “PoizonBox”) attacked a system, the worm displayed webpages containing vulgar language, anti-U.S. government rants, and a Chinese email address. That email address led to theories that the worm originated in tensions between the U.S. and Chinese governments. On April 1, 2001, an American spy plane collided with a Chinese fighter jet. The FBI’s National Infrastructure Protection Center (NIPC) issued an advisory to network administrators following the event. The alert warned of potential website hacks from April 30 to May 7, 2001. That timeframe included several significant dates in the People’s Republic of China: May Day (May 1), Youth Day (May 4), and the anniversary of the accidental bombing of the Chinese Embassy in Belgrade (May 7).
The two security patch releases and the FBI alert gave CERT every reason to say, “I told you so.”