(Click image to jump to PatchWork Information and Download Page)
PatchWork? On Thursday, March 8th, 2001, the United States Federal Bureau of Investigation (FBI) disclosed details of an ongoing investigation into the organized intrusion, by Eastern European hackers, of more than forty, commercial, domestic, web sites.
These attacks were particularly disturbing because, in every case, the Russian hackers were simply exploiting well known and readily preventable vulnerabilities of non-updated versions of Microsoft's Windows NT web serving operating system. Prior to the FBI's public announcement, I was contacted and asked to quickly create a tool to perform two specific functions for any Internet-connected Windows NT/2000 system:
the Center for Internet Security and may be immediately and easily downloaded directly from their web site:
http://www.cisecurity.org
You can learn about The Center from their web site. You will find a link to their "PatchWork Page" at the top of their site's home page.
so that you will be able to apply it with maximum effectiveness. PatchWork was designed from information provided by the FBI. This information was derived from their investigation into a series of directly related and coordinated intrusions into United States eCommerce and eBanking sites. Through this investigation, the FBI determined the "Attack Vectors" the specific exploits that were used by remote intruders to gain entry into Windows NT systems.
THE PRESENCE OF THESE SPECIFIC VULNERABILITIES. You must NOT confuse PatchWork with a general-purpose, comprehensive, patch-verification tool it is not that. Such capability is beyond the scope of the present utility. We believe that if PatchWork gives your computer the "all clear", then that system will be hardened against the specific Internet eCommerce attacks that have been occurring with disturbing frequency. However, by no means should this PatchWork utility be used as a substitute for continuing comprehensive and proactive security measures. It is our sincere hope that your use of this first simple "PatchWork" tool will help to highlight the need for taking your Internet security seriously. If we are able to help you solve a few security problems today and surprise you a bit about the very real need for continuing vigilance this tool will have been a success in our eyes.
v1.10 Function Enhancements
I sincerely hope you find PatchWork to be a useful and effective utility to aid in taking the first steps toward establishing proactive and ongoing management of your enterprise's Internet-connected server security. Wishing you safe and secure use of the Internet!
|
Gibson Research Corporation is owned and operated by Steve Gibson. The contents of this page are Copyright (c) 2024 Gibson Research Corporation. SpinRite, ShieldsUP, NanoProbe, and any other indicated trademarks are registered trademarks of Gibson Research Corporation, Laguna Hills, CA, USA. GRC's web and customer privacy policy. |
Last Edit: Oct 06, 2003 at 14:29 (7,676.48 days ago) | Viewed 22 times per day |