[WEB4LIB] RE: SunOS/BoxPoison virus

[Thomas Dowling]

----- Original Message -----
From: "Margaret Escherich" <esche_ma at oaklandlibrary.org>
To: "Multiple recipients of list" <web4lib at webjunction.org>
Sent: Monday, May 21, 2001 3:20 PM
Subject: [WEB4LIB] RE: SunOS/BoxPoison virus


> Ugh, just discovered we have gotten this, too....
>

Our jobs keep all of us busy, sysadmins no less than others, but it's hard
to believe how easily this worm got around when it depended on a SunOS bug
that was patched in December 1999 and an IIS bug that was patched in
October 2000.

I also find it hard to believe that the library world (or anyone,
actually) uses IIS almost as frequently as Apache; but if you're going to
use a program that's a hack magnet, at least keep on top of the patches.

And lest the Apache admins chuckle too loudly, I also can't believe the
number of library web servers that run versions of Apache that are years
behind--especially considering the security fixes Apache puts in from
version to version.  My current survey from Libweb shows only about a
quarter of library Apache sites are within the most recent three releases
of the software (1.3.19, 1.3.17, or 1.3.14).


Thomas Dowling
OhioLINK - Ohio Library and Information Network
tdowling at ohiolink.edu