On Thu, 20 Sep 2001, Doug wrote:

> Or how a patch for stupidity and laziness can be created. Since Nimda
> wouldn't be an issue if people would just patch their damn software.

I blame Microsoft for not properly informing people that they need to patch. I subscribe to the Security Bulletins list (for the humor.. some of them are damn funny) and there has been NO MENTION of how to secure your server. Go to Microsoft.com, off on the right side in small print is the link to the IE and IIS patch pages. These are new patches and there hasn't been ANY notification from Microsoft that they exist and they need to be applied, other than a small link on their home page. Most people I've talked to the last few days have had trouble finding it, so I know it's not just me.

These worms work because most hackers realize that unpatched machines exist. Some are laziness and ignorance from an admin standpoint, yes, but IMHO Microsoft is not making the proper effort to inform their customers of new security flaws and the need to patch. I learned more about the need to patch from the linux community these last couple days than from Microsoft. I call that negligence.

What I learned from the MS Security Bulletins: If anyone feels like being mean to a Win2K laptop, set up your linux laptop and point the IR ports at each other. Do an irdaping from the linux laptop. The Win2K machine will BSOD. They've released a fix but I believe it's only in SP2, which most people have uninstalled because it makes things worse. I have yet to confirm that this works though.

-Brian