Free Benchmark Could Have Found Slammer Vulnerability

Not only could companies have easily slammed the door on the Slammer worm if they had installed the patch released by Microsoft Corp. six months ago, but they could also have uncovered the vulnerability exploited by the worm using a free benchmark developed jointly by the government and private sector. Industry experts and users said the Slammer worm should have been a nonissue for companies because the patches and a free tool capable of detecting the vulnerability exploited by the worm were available six months ago. That’s important because it would have given companies advance warning that they were vulnerable and more time to test the patch, said users.

In particular, they point to the issuance in July of the Consensus Minimum Security Benchmarks, also known as the Gold Standard. Developed jointly by five federal agencies, including the National Security Agency (NSA) and the FBI’s National Infrastructure Protection Center, as well as the SANS Institute and the Center for Internet Security (CIS), the Gold Standard benchmark can be used to test Windows 2000 Professional systems running as workstations for proper configuration.

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.