Homeland Security says 'Patch Windows Now'

gregger writes "Wow, so the Department of Homeland Security is really concerned with Microsoft patches now... enough to come out and tell us to patch our machines. This warning, chronicled in eWeek, was issued less than a day after the release of 23 patches from Redmond. So, if you don't apply the patches, then what?"

Two Reactions

[eldavojohn]

In my country, the United States of America, I have never seen everyone so polarized. As a result, I personally highly value the ability to see actions and events from both sides. It's a becoming a rare trait.

On one hand, this announcement shows that the government is looking out for us. They are concerned about terrorists using our machines to commit acts of cyber terrorism. They are helping us protect ourselves by advising that we patch our machines with hyper critical updates from Microsoft. We should be glad that our government is so thoughtful and has decided to twist Microsoft's arm into fixing these problems and releasing updates. After all, as Americans, nothing is more important to me than my internet. It's my commerce, education, and ... uh ... love life. I wouldn't care if terrorists destroyed every TV & radio station in the United States, but I would riot if I was denied an internet connection for more than a few weeks. They're just protecting my interests much like a public service announcement or a tornado warning. I mean, the US-Cert team has been doing this for a while--even on my Mozilla [us-cert.gov] browser. This "Patch Windows Now or Else..." is just FUD from the Slashdot editors--if you read the government press release, it's merely a recommendation, not a demand, warning or threat to patch your machine.

On the other hand, should we be suspicious? I mean, there have been much more severe critical problems with prior editions of Windows that the government hasn't deemed necessary to recommend. How do we know that these patches aren't part of some sort of government initiative to harvest data? I mean, we've seen it with our phones and e-mail--why not another form of technology? Could it be that these patches will occasionally phone Microsoft who then relays our data and actions to the FBI and/or NSA? Shouldn't we be suspicious that the government has never openly declared critical Linux updates [us-cert.gov] an imperative? Why Windows? And how can we believe them if we never get to see the source code of the original program and the source code of the patches? Two points to note: Why now? And why isn't the government's warning message included with specific reasons and details of what the problems are and what the patch is going to do? These patches might be a wolf in sheep's clothing. I don't think the government is so worried about our interests but more so they're worried about the gathering of intelligence in their case against every single United States citizen.

Re:Two Reactions

[TheSpoom]

It's my commerce, education, and ... uh ... love life.

This is Slashdot, that last bit was assumed.

Re:Two Reactions

[vwjeff]

So, if you don't apply the patches, then what?

The terrorists win.

Simple logic.

You unpatriotic communist raghead whiner!

[EmbeddedJanitor]

Windows Visa will automatically send the details of people that don't update to the 'no fly' list.

Re:Two Reactions

[ToasterofDOOM]

That is the most level-headed thing I've EVER heard on this site, and that says very little. This just goes to show that the goal of this government is not to oppress you or take away all of your freedoms, they do genuinely care for this country and its people, even if their methods are flawed.

Re:Two Reactions

[LS]

I'm sorry that you are so scared of the truth that you jump at such a weak opportunity to keep the rug from being pulled out from under you. Who are "they" that you speak about? You say this as if you actually prefer strong authority figures keeping the world in order for you because you are unable to do it yourself. There is no "they" that either care or don't care for this country and its people, becase the government is made up of thousands upon thousands of people with different ideas and goals, some of them good, and some of them very sinister. Stop laying your parental fantasies on top of the government, because others like myself prefer not to have these nannies looking over our shoulders, especially when some of them have already proven to be homicidal.

Re:Two Reactions

[MECC]

How do we know that these patches aren't part of some sort of government initiative to harvest data?

Because the government isn't that competent or clever. The effective 'intelligence' of any organization is inversely proportional to its size.

Or

[Ruff_ilb]

>_>

That's what they WANT you to think

_ /tinfoilhat on

Re:Two Reactions

[Silverstrike]

That's a completely nieve sentiment. I'm sorry, but government, at least in some form, is absolutely necessary. How do I know? I'm human. And by and large, humans are greedy, amoral, unethical creatures that left to their own devices lie, steal, cheat, murder and rape their way through life. Don't believe me? Look at any area of the modern world lacking a strong government, like Africa.

Now, since government is comprised of humans as well, it also must have checks and balances in place to ensure that those in power don't lie, steal, cheat, murder and rape their way through life, much to the misery of the people they rule. For examples of this, see any totalitarian regime. ie: North Korea

You say this as if you actually prefer strong authority figures keeping the world in order for you because you are unable to do it yourself.

Are you able to keep the whole world in order? You do realize at there's 6 billion people on the planet right? Most of them would kill you, your family, and everyone you know, if it made their lives even marginally better. So go ahead, try to "keep the world in order", I'm sure that'll work out great for you, by yourself. What's that? You'll get some friends to help? You do realize you just created a government then, right? Albiet, an informal government that probably would rule by force. Good job.

All that being said, I do value my privacy and freedoms greatly. I wish the government would stay out of my life. However, I also appriciate the fact that the crazies down the street know that their asses will end up on jail, should they try to hurt me or my family.

Re:Two Reactions

[NeutronCowboy]

I think before calling people naive, you might want to check what said people are exactly saying. No one said (and certainly not the post you replied to) that governments should be abolished. No, what he said is that if some government is good, more government is not better. There are many instances where it is patently obvious that more government is actually far, far worse than no government at all. And one of those instances is, gasp, Africa. Far from being weak governments that wreck havoc there, it is

Re:Two Reactions

[LS]

If you mean _naive_ sentiment, I would obviously disagree. I would posit that the most horrendous crimes in the history of the world are actually executed by a tiny majority in overly strong governments which take advantage of a weak-minded and normally peaceful populace. I would like you to give me an example of a genocide or other serious crime against humanity that wasn't orchestrated by a dictator, monarch, or totalitarian government of some sort.

You claim that government keeps people in line. But th

Re:Two Reactions

[Lokni]

What a remarkable commentary on the sad state of affairs in the "Land of the Free" that our government makes a press release regarding patches to our computers and the first thing we think of is that the patch is associated with monitoring us somehow. For the record, I had the exact same thought as the OP and agree 100% with what he said.

This is unprecedented action. Why now?

68%

[Gary W. Longsine]

I agree 67.314159% with everything the OP said!

Re:Two Reactions

['nother poster]

This is unprecedented action. Why now?

Well, the first time anyone does anything it's unprecedented by definition. ;) As to why, because they felt it was necessary. The reason for the necessity is left as an exercise for the reader since I have no idea. Maybe the government wants to p0wn your PC more than they do already. Maybe they know of a specific threat from an enemy state or terrorist group and are taking precautions. Or maybe, just maybe, they are sick of 50,000 zombies spamming herbal Viagra ads to their personal e-mail accounts.

Re:Two Reactions

[twofidyKidd]

We (The slashdot conflux) have always advocated improved computer security, particularly in the case of the Windows operating system. Patches have proven to be an effective method for maintaining said system against such related problems, and from the position of the corporate sys-admin down to the family's IT technician, we've always made it a point to ensure the most updated patches were in place. Now it's finally a matter of the government's to help ensure all the citizens of this country take similar steps.

Should we: A) rejoice because someone of authority has finally been sold on Windows security through patching by some qualified expert, B) assume that there's a greater conspiracy at work here which involves improving the government's ability to surveil their constituency, or C) imagine that there's a very legitimate, non-civil-liberties threatening need for the government to urge the users of the majority operating system in the United States, and very possibly the world, to maintain their systems at a sensible level of security? Maybe Al-Quaida (sp?) communicates via holes in certain unpatched systems (wild-guess speculation), or maybe terrorists are being funded by income brought in by spam-bots and zombie machines (plausible).

The real problem is that our cynicism makes viewing realistic possibilities hard to imagine, and our tools go logical deduction sort of seem to fail. Occam's razor can't be used in a situation like this because time has proved over and again that the interests of people at the government level aren't always in the interest of people at the constituency level. This is one of those times that we (the slashdot conflux) would like to imagine that someone (like Lawrence Lessig or Brad Templeton) has finally said something to an official that he finally understood and as a result has taken this action, but since we often have a hard time getting our own management to listen to the good ideas we put forth, we're hesitant to believe such a thing has happened. In fact, given the recent history of our government, we're much more inclined to consider a sinister purpose. The DHS press release has many of the "hidden agenda" trappings, like specifically indicating which patch to apply, as well as the call of immediacy.

Just to put things in perspective; right now, Britons are unloading all liquids and gels into trash cans prior to boarding US-bound planes, while we're wondering if the US government is acting in our best interest by adamantly suggesting we patch our Windows computers.

Re:Two Reactions

[SpaceLifeForm]

I'll just note that DHS is a heavy windows user,
and they have a vested interest.

Sorry, slashdot is just tinfoil hat heavy

[AHumbleOpinion]

What a remarkable commentary on the sad state of affairs in the "Land of the Free" that our government makes a press release regarding patches to our computers and the first thing we think of is that the patch is associated with monitoring us somehow. For the record, I had the exact same thought as the OP and agree 100% with what he said.

Sorry, but these two post really comment on the sad state of affairs on slashdot. Slashdot is a bit heavy with tinfoil hat types. One of the primary rules of espionage is to just blend in, fade into the background, don't call attention to yourself. If the government were to do something like this, and I don't believe they would, it would be quietly slipped into a run of the mill security update. Nothing special, just a routine monthly security update like the ones we have come to expect.

Re:Sorry, slashdot is just tinfoil hat heavy

[The Spoonman]

Sorry, but these two post really comment on the sad state of affairs on slashdot. Slashdot is a bit heavy with tinfoil hat types.

Perhaps, but I would argue that the growing number of tinfoil hats is due to the growing amount of government misconduct going on right now: erosion or outright removal of basic rights, blatant collusion with corporations to screw as much money out of consumers as possible which includes rewriting emminent domain to allow corporations to take people's property, spying on the po

Re:Sorry, slashdot is just tinfoil hat heavy

[AHumbleOpinion]

... a growing theocracy hell-bent (pun intended) on ensuring EVERYONE follows christian beliefs, no matter how whacky ...

Sorry, but you're going to have to go find some impressionable young mind that doesn't know any better to buy that. I'm old enough to remember how Reagon was demonized just like Bush Jr., how Reagan/Fallwell were going to turn the US into a theocracy, ... I'm old enough to remember how Gore was going to outlaw free speech in music and movies, ... I'm old enough to remember how Clinton was demonized, how Clinton was going to turn the US into a socialist state subserviant to the UN, ...

The truth is the people, the voters, are in control. Politicians of the left and right are only getting away with what the voters *allow* them to get away with. Stupid crap happens because the irritation level does not rise to a level that motivates enough voters. When politicians do cross that line they get whacked down by the voters.

Re:Sorry, slashdot is just tinfoil hat heavy

[The Spoonman]

I'm old enough to remember how Reagon was demonized just like Bush Jr.

Firstly, I'm old enough, too. Reagan was a porn star compared to Bush Jr. and Crew. This goes beyond Bush. This enters the Senate, the House and now the Supreme Court. Zoning boards across the nation are zoning anything the chrisitians don't like out of town (porn shops, strip clubs, etc). Are you old enough to remember the hub-bub about Janet's boob? When was "intelligent design" even on the table at school boards, let alone a serious consideration?

The truth is the people, the voters, are in control. Politicians of the left and right are only getting away with what the voters *allow* them to get away with. Stupid crap happens because the irritation level does not rise to a level that motivates enough voters. When politicians do cross that line they get whacked down by the voters.

So, what you're saying is you're old enough to remember the dream, but haven't awakened to the reality yet? 'pubs are fixing elections across the country, ADMITTING to fixing elections, and no one raises an outcry. Of course, give people even the whiff that their american idol election is fixed and then you'll get a letter-writing campaign.

Re:Sorry, slashdot is just tinfoil hat heavy

[budgenator]

Actualy I've worked pretty closely with some guys from the DEA, FBI, BATF and Secret Service, and the truth is they're not bad people but I wouldn't want their trash talk to turn into group-think either. One thing we should realize is that the mid and lower levels people know they have powers that they shouldn't have and they need these powers to keep some really vicious people under control. Most of these guys have families and they want to protect their families as much as they want to protect us, and if

Re:Sorry, slashdot is just tinfoil hat heavy

[AHumbleOpinion]

But a lot of people don't download the updates, which could be the reason for the warning.

The updates are automatic. You have to manually disable that feature. Do you really think the type of person who would manually disable automatic updates is going to run out and do whatever Homeland Security says to do?

Re:Two Reactions

[Billosaur]

It seems to me that if the terorists wanted to cause chaos and confusion, they've been doing a good job. Look at how we have to analyze this to see just what the DHS is up to, rather than simply thinking "Hey, patching my copy of Windows is probably a good idea." It's funny that when Microsoft says apply the patch, we dutifully go about it and grumble about all the bugs in their software, but when DHS says to do it, it's part of some sinister plot... or is it? We've become so conditioned to the idea that the government is corrupt, we fail to notice when they are actually doing their job. THe thing that maes this problematic is that DHS is being pretty cryptic, and they have no track record of doing this. It'll be interesting to see if this happens again when the next MS patch cycle occurs.

Re:Two Reactions

[Jimmy King]

We've become so conditioned to the idea that the government is corrupt, we fail to notice when they are actually doing their job.

It's not so much that people have failed to notice the government doing their job for once, several people have shown appreciation of it. It's that the government has been doing corrupt things and not protecting us for so long that people question whether they're really trying to protect us this time. It's kind of like that scene in a lot of movie revolving around highschool, where the popular kids constantly pick on and beat up the dorky kids. Then one day they invite said dork to a party, the dork thinks "wow, they've changed their minds and like me", only to show up and get their ass kicked and/or be the butt of some school wide joke.

Re:Two Reactions

[maxume]

DHS is a big, stupid bureaucracy. Get used to the fact that they are far more concerned with appearing to be doing something than they are with actual security.

Announcing that it is a good idea to apply security patches to computer systems is a fairly safe way to appear busy.

The security level bullshit is another great example -- if they think something is neccesary during a 'red', then it is probably a good idea to do it during a 'yellow', as their intelligence is bound to not be perfect. Announcing the 'red' and then doing stuff related to it makes them look busy.

Re:Two Reactions

[budgenator]

We used to just walk around with a clipboard in the Army, maybe do some scribbling and pointing once in a while for emphysis. Get at least three other people to follow you, and people would cross the street to avoid you!

Re:Two Reactions

[corbettw]

It seems to me that if the terorists wanted to cause chaos and confusion, they've been doing a good job.

Except that's not what they want to do. They (and by "they" I mean Islamist terrorists) want everyone in Dar al-Harb to either become Muslim and join the Dar al-Islam, or die. Sowing confusion isn't really a part of either of those.

Re:Two Reactions

[955301]

Well, let's take a cursory glance then.

Wikipedia (Unless you think I've conspired to make up the entry here):
"The department was created from 22 existing federal agencies in response to the terrorist attacks of September 11, 2001."
Making a single department from 22 agencies is called consolidation.

Next, distractions: An alert system which never goes off alert is not an alert system at all. It's a continuous message to be vigilant, which is not information, it's a fear tactic. What's more, there would have been a massive uproar if the government had no internal response to the hijackings, so they took existing groups and rebranded them as a single simple solution to the communication problem. Then muddied up the water with reorgs and ill-managed funding.

http://www.usmayors.org/72ndWinterMeeting/homeland report_012204.pdf [usmayors.org]

http://hsgac.senate.gov/index.cfm?FuseAction=Press Releases.Detail&Affiliation=C&PressRelease_id=960& Month=4&Year=2005 [senate.gov]

these go on and on. It's the '80's Pentagon spending all over again.

Stop worrying about how I say something and actually take a look around.

Re:Two Reactions

[elrous0]

How do we know that these patches aren't part of some sort of government initiative to harvest data? I mean, we've seen it with our phones and e-mail--why not another form of technology? Could it be that these patches will occasionally phone Microsoft who then relays our data and actions to the FBI and/or NSA?

Funny, but I just posted the exact same suspicion before I read your post. I hate to break out the tinfoil hat, but these days I wonder if we're being paranoid ENOUGH.

-Eric

Re:Two Reactions

[neonprimetime]

Could it be that these patches will occasionally phone Microsoft who then relays our data and actions to the FBI and/or NSA?

You got to think that sooner or later the government is going to have an overload of data that they won't be able to manipulate. I mean, they got our phone records, they got AOL search records, and now they got all your Windows desktop activity.

Re:Two Reactions

[RockModeNick]

They don't need to get at anyone, just know they can put the time and effort to getting information on any individual "you" should that particular "you" become a problem to them.

Re:Two Reactions

[Das Modell]

I don't really believe that Windows would transmit anything to the government (and I don't even live in the states so whatever). Someone would have figured it out a long, long time ago. Seemingly everything is hacked, cracked and exposed these days, Microsoft is under constant scrutiny, and I'm sure a lot of paranoid people have been trying to find out if Windows is sending sensitive data to Microsoft.

Re:Two Reactions

[betterunixthanunix]

Shouldn't we be suspicious that the government has never openly declared critical Linux updates an imperative?

Two reasons for this: market share and business interests.

Windows simply has a bigger market share, which makes critical flaws a far bigger threat. It is just easier to gather up a botnet of 50000 Windows machines before somebody notices than to get that many *nix machines.

And the government is interested in what businesses need. Microsoft has been campaigning for years against Linux, whic

Re:Two Reactions

['nother poster]

A long time ago (1988), in an Internet far far away (before commercialization), one of the first "computer viruses" (actually a worm) to be well known among the public was when some kid (grad student) crippled most of the UNIX boxes with a piece of broken self replicating code.

If this were actually serious

[Simonetta]

If this were an actually serious situation, then the US government would physically take over Microsoft's Redmond 'campus' and force all activity on future commercial products to cease until this 'threat' is over. Then the source code would be released to the authorities and universities for review and study for future 'dangerous defects'.

As to why this doesn't happen for Linux, well it's because the US government doesn't take Linux seriously. To them, it's a toy or at best, a minor applica

Re:Two Reactions

[rtb61]

The odd point to consider is, that because the Department of Homeland Security is recommending the patch, they are also acknowledging and recommending, by inference the microsoft licence agreement that goes with the patch (a more anti-consumer licence agreement I could not imagine).

It would seem their lawyers were asleep at the wheel for that one (they should have specifically excluded any liability, just as microsoft specifically excludes any liability for any faults or even the presence of viruses). It

Re:Two Reactions

[andrewman327]

Here is answer to your "why now" question: government moves that slowly. It takes this many years for them to get around to issuing their warnings.

Paranoid poster doesn't search enough

[technoextreme]

And why isn't the government's warning message included with specific reasons and details of what the problems are and what the patch is going to do?

Actually, they did that. You just didn't bother looking. http://www.kb.cert.org/vuls/id/650769 [cert.org]
http://www.us-cert.gov/cas/techalerts/TA06-220A.ht ml [us-cert.gov]

Why now?

The cynical side of me also says that some department in the United States got hacked into. They do say that the exploits were being used but dont go futher.

Re:Two Reactions

[ExE122]

Wow, look at the replies... I love how aroused everyone gets over the prospect of a possible government conspiracy. I think the government really does have its priorities, but monitoring 10 million computers to find out what porn sites people like to visit isn't one of them.

From the article: "This vulnerability could impact government systems, private industry and critical infrastructure, as well as individual and home users"

I think that statement is pretty much an ordered list of government priorities when urging these security measures. Why is the government getting involved? They're looking out for their own interests. The average government worker is likely sitting on a windows workstation right now, surfing the internet with IE, creating a presentation in Powerpoint, running some calculations in Excel, or typing a document in Word... and they probably don't even have the administrative rights to run their own updates, so they sit around waiting for some IT grunt to get off his lazy ass and do it for them.

Even as we speak, I'm sitting at a Windows work station without version management and without admin rights. I have to use the company standards of IE and Office because I can't install Mozilla and OpenOffice. I don't even know if our IT department is aware that they need to run any patches. I haven't seen them do it since I've started working here. And what's worse, I'm working for a government contractor which is always making a lot of fuss about security!

Which brings me to my next point. The government is also looking out for industry and commerce. I'm sure you've noticed the U.S. economy isn't what it used to be. The last thing this country needs is a cyber attack wreaking havoc among businesses and putting even less trust in online commerce than there already is.

Shouldn't we be suspicious that the government has never openly declared critical Linux updates [us-cert.gov] an imperative?

Actually, the DHS has funded open source security auditing [itworld.com]. Its true, they have never made it an imperative critical update, but you have to take into account the users and usages of open-source products. If you've installed and/or administrated Linux, its very likely you have enough know-how that you don't need a government warning to get you to stay on top of security patches.

Windows, however, is the most widely used operating system, especially for people who don't have the first clue about security or administration. How many Windows users out there use Administrator as their standard account? People like that need to be warned about the importance of updates.

While I'm not going to deny the possibility that they do have more up their sleeves, I think the past couple years have made me less likely to don the tin foil. With the terrorist attacks, resulting WMD wars, Gee Dubya elections, and blatant fear-tactics, I've really begun to realize that "government intelligence" truly is an oxymoron.

--
Take off every sig. Move sig for great justice.

Re:Two Reactions

[Shaper_pmp]

I think the government really does have its priorities, but monitoring 10 million computers to find out what porn sites people like to visit isn't one of them.

How about monitoring 10 million phone calls [washingtonpost.com]?

And with a handy backdoor installed monitoring computers would be even easier to automate.

I'm not saying they have, merely that your pooh-poohing of the whole idea is a bit baseless when they've already been caught doing essentially the same thing in a different medium.

While I'm not going to deny the possibility that they do have more up their sleeves, I think the past couple years have made me less likely to don the tin foil. With the terrorist attacks, resulting WMD wars, Gee Dubya elections, and blatant fear-tactics, I've really begun to realize that "government intelligence" truly is an oxymoron.

Sorry, just to clarify:

The constant exposes of systematic corruption throughout all levels of the US government, from pre-warnings of 9/11 through to financial scandals to the gutting of judicial oversight and introduction of almost limitless executive power for the Whitehouse... two blatantly corrupt elections, at least one illegal war and enough lying, bullshit and willful misrepresentation to indict and incarcerate any normal group of people ten times over... and all this means you're less likely to don your tinfoil hat?

The only way this makes sense to me is if you're saying conspiracy theories shouldn't attract tinfoil hat accusations any more... because everyone knows they're watching you, lying to you and breaking the law all the damn time?

Re:Two Reactions

[dbIII]

I prefer to look at this simply - perhaps someone from the uber department is just making public noise to justify spending on their sections projects.

Personally I think the vunerability and number of exploits on machines on the net has gone way beyond what I would have laughed at in SF a few years ago. Buffer overflows and race conditions were known about and dealt with in computers before Gates wrote his first program - let alone all of the other stupidities that fill the net with spam zombies. Getting

Re:Two Reactions

[PFI_Optix]

I don't need nor desire the "government" to hold my hand.
I think the "government" has a lot better things they should be worrying about.

I don't see where this is anything close to hand-holding. You aren't being forced to do anything, the government isn't doing it for you, and if you don't do it, they aren't going to come after you. There's nothing wrong with a PSA that encourages people to secure their computers.

And if you really need a reason for it all, it costs tax dollars to deal with things like identi

Re:Two Reactions

[ArcherB]

But mostly I blame the "government" for allowing the situation with Microsoft to exist.

By "government" I of course refer to the current administration.

Uh... M$ was making buggy software long before the "current administration" came to power. Just like the plotting for 9-11, wars between Arabs and Israelis, wars in general, global warming, hurricanes and so on all predate the current administation. I'm not saying the current admin is perfect or that previous admins are 100% to blame, but I think you need to spread that blame around.

It's bad enough people think that history began when they were born, but there is no excuse for thinking all problems began less than seven years ago, provided you can read.

Re:Two Reactions

[truthsearch]

Actually, you can blame just the current administration for letting Microsoft get away with things. The Microsoft anti-trust case began during the previous administration. A few weeks after Bush entered office he removed every lawyer on the case with any experience in monopoly law. He had them replaced with novices and shortly after the case ended with Microsoft not even getting a slap on the wrist. Gates was never even investigated for his perjury in federal court. While Microsoft is guilty of illegal

Re:Two Reactions

[Jtheletter]

Global warming isn't the government's fault, it's OUR fault. Does the government make you drive a car to work?

OK, I'll bite, but keep in mind I'm half-joking here. (And I do agree that global warming is a collective "we" fault).
Ok, so, the Federal Government has massive yearly deficits, and a total nation debt in the trillions, not even counting future promised expenditures such as Medicaid/care and Social Security payments. Refusing to raise taxes to cover these costs because it is politically untenable

Re:Two Reactions

[a_nonamiss]

Sorry about this one guys and gals...


In Soviet Russia, patches apply YOU!

Then What?

[MinutiaeMan]

"If you don't patch Windows, the terrorists win!"

Re:Then What?

[Ninjy]

Pf, just wait until we respawn in the second round.

Re:Then What?

[Mayhem178]

What are you talkin' about? Terrorists have no honor....they spawn kill! Patch your Windows before it's too late!

Wait, I'm not running Windows! The terrorists win! Onoes!!1!!1!!111cos(0)

so....

[Anonymous Coward]

this means the gov't mandated backdoor has been placed in the update queue?

Re:so....

[milamber3]

Seriously, people are laughing at the parent post but they would have laughed at a sacastic post about the NSA getting warrentless taps to listen to our phone calls in the recent past as well.

Re:so....

[advocate_one]

probably to replace the one that was blown not so long ago... remember the .wmf exploit?

OMG

[broussem]

Then your computer will blow up and we'll all die

Re:OMG

[supremebob]

Oh, you must own a Dell laptop then :)

A plot?

[Billosaur]

In a somewhat unusual move, the DHS warned that the patches cover a remote code execution vulnerability that could be used in a network worm attack similar to Blaster, Slammer of Sasser.

"Windows users are encouraged to avoid delay in applying this security patch. Attempts to exploit vulnerabilities in operating systems routinely occur within 24 hours of the release of a security patch," the agency said in an public advisory.

Do they know something we don't know? Coming on the heels of this news about

Re:A plot?

[Red Flayer]

Or it could be DHS making a publicity move. They've got to justify their budget to the public somehow, and a lot of what they do is behind-the-scenes stuff.

Also, to be cynical as ever, we DO have elections coming up in a few months.

As far as I'm concerned, the boy has cried wolf far too many times for me to react to any warning DHS or any other governmment agency says about threats.

Re:A plot?

[Darth_Burrito]

I'm a system administrator at a large university. Apparently Microsoft actually contacted a few people around the university urging them to patch up. This shocked a few people because apparently we don't normally get that kind of communication from them here. It went around our listserv yesterday. So anyways, it seems like Microsoft might think it's an unusually big deal too.

Re:Since you are a system administrator...

[Darth_Burrito]

These ports have to do with things like name resolution, network file sharing, remote execution, and stuff. I don't really know all the details. While linux can talk samba with windows, it is more a windows to windows kind of thing. Read this for some more info. What port 445 does [petri.co.il]

One should probably never have 139 and 445 exposed directly to the internet, one should probably only have them exposed beyond an individual workstation if that workstation is part of a realish network (eg, three pcs that never talk to each other plugged into the same linksys router wouldn't count). When in doubt, block it and see what happens.

Typical over-reaction from the Slashdot staff

[Megaweapon]

It's just a recommendation, and they've been doing this for a while now. Perhaps this is to save a little face for the massive Rails exploit posted just a few stories below?

Re:Typical over-reaction from the Slashdot staff

[DingerX]

Yeah, but it used to be CERT, not "CERT, a division of the DHS"

Hmm..

[TheOldSchooler]

"So, if you don't apply the patches, then what?"

They buy you a brand new Intel Mac! Courtesy of U.S. taxpayers.

Otherwise the NSA won't be able to "help" you

[elrous0]

Not to break out the tinfoil hat here, but am I the only one who worries that one of these "patches" might one day (or already) include a nice little quite NSA backdoor? Or maybe the backdoor is already there and this "patch" is designed to keep it from being exploited/discovered.

Man, I really HOPE I'm just being paranoid today.

-Eric

Re:Otherwise the NSA won't be able to "help" you

[LurkerXXX]

Right. And of course you sniff all the packets that your machine sends out from your windows machine every time it gets a patch from microsoft, etc, etc, to make sure it's not 'reporting back' on your activities since you last connected to Microsoft, etc, etc?

The opensource firewall only protects you from them initiating contact to your machine from outside. It doesn't prevent hidden reports being sent out. That takes a lot of human monitoring, and some packets, you just don't know the real content/conte

What then?

[tygerstripes]

Then the nawty trojan horsies sneak down your Internet tubes and steal your bank.

Meh

[TheSpoom]

So great, DHS is recommending that people keep their machine patched. Anyone who says this is a bad thing has their tinfoil hat on a little too tightly. The only thing that concerns me is that DHS's responsibility in the US government seems to get more and more broad; anything that can be deemed in the protection of "Homeland Security" they can control, from intelligence to customs and border patrol to cyber security.

Anyway, this isn't that big a deal.

Re:Meh

[jimktrains]

When I first heard their name the night they were announced in the pres's speach, I immedialty thought, "Damn, isn't that how the Nazi's took so much power over the MotherLand when they came to power?" It was the motherland/homeland similarity that brought it on, but it seems to not be too far from the mark.

Re:Meh

[Dionysos Taltos]

The only thing that concerns me is that DHS's responsibility in the US government seems to get more and more broad; anything that can be deemed in the protection of "Homeland Security" they can control, from intelligence to customs and border patrol to cyber security.

You know ... that's a pretty big concern. If that's truly the only thing that concerns you, you should still be scared stiff. We have a U.S. Department which is 100% staffed by the current administration, and it continues to broaden it's rol

Ahh I can see it now...

[Nicaboker]

You wake to a pounding on your door. At your door are two men dressed in suits. you "Umm can I help you." Suits " You're under arrest." you "On what charge?" Suits "For not patching your windows computer." You "patch my what?? I use Linux!" Suits with a baffled look "Lin-what? Are you threatening us?" Suddenly more suits surround you and begin beating you while you hear "King Bill" laughing in the background.

Download link for patches

[DoofusOfDeath]

http://www.ubuntu.com/download [ubuntu.com] :)

I now practice secure computer usage.

[krell]

Considering this morning's prohibitions on taking liquids onboard (after a terrorist plot was uncovered), I'm resisting temptation so far to place my bottle of 'Dew in my computer's cup holder [atruereview.com].

Hey!

[no-body]

I am trying, but it crashes!

then what?

[__aahlyu4518]

Then you will be considered a terrorist for endangering the American economy by having corporate networks comprimised.

And you know what happens to things that endanger de US economy... they will be eliminated.. ermmm... I mean.. democracy and freedom will be brought to them, or they will thought of as totally unimportant (environmental issues).

malware

[Blighten]

So, does this mean that the creators of malware/viruses/spyware are going to be classified as terrorists?

Re:malware

[hackstraw]

So, does this mean that the creators of malware/viruses/spyware are going to be classified as terrorists?

Why, yes! http://www.asiamedia.ucla.edu/article.asp?parentid =39237 [ucla.edu]

Dig out the Duct Tape

[hanshotfirst]

They were confused. They don't really mean MICROSOFT Windows - this is the same old patch your HOUSE windows - cellophane and duct-tape. There's a red-level threat in the UK today, therefore nobody can carry-on water on airplanes in the US. Clearly water can kill you, so they are making sure none of that nasty humidity in the summer air can get into our homes. Thank goodness for the protective vigilance of our gubmint!

In reality...

[Svartalf]

An unsealed bottle of water can be used as a transport for biological and chemical agents- and
with many of the agents, you'd never know it wasn't "just water" until it was too late.

To be sure, the "can't be bringing a bottle of water on board" is a bit overboard (But then, many
of the things they've instituted have been at least a little bit that way from the beginning...)

Re:Dig out the Duct Tape

[The_reformant]

Incidently the restrictions on hand luggage weren't made by your government but by airlines in response to recomendations from the UK police force, MI 5 and the home secretary. Having just broken up a plot early this morning to bring down multiple plains via liquid explosive agents I should hope that you see the rationale behind these measures.

So, if you don't apply the patches, then what?"

[Patrik_AKA_RedX]

Easy: the only website you get to access would be the one from guatanamo bay.

Too many alerts in one go

[caluml]

less than a day after the release of 23 patches from Redmond

Yeah, boy, did I get bored reading about them as they came out on the mailing list I'm on. Can't they just sum them all up?

Internet Explorer: Bad
Powerpoint: Bad, etc.

Updates and Patches

[anthonyclark]

Gawd, sometimes I loathe Microsoft in all its guises, and sometimes I fall into a Descent style animal fury at this annoyingly necessary evil.

With the latest "Critical, this affects everything" remote exploit patch, I had to run around patching our many computers in our medium sized academic department. We're supposed to have a software update service which pushes out the patches to critical issues such as this. Of course the SUS didn't update about 60% of the PCs, requiring me to manually run windows upd

Cert

[kevin_conaway]

Doesn't the United States CERT [us-cert.gov] fall under DHS?

It makes sense that they would issue an advisory to tell people to protect their machines. While the R in CERT traditionally stood for Response (it is not Readiness), I still don't think its a huge deal for them to be proactive in telling people to get their act together

Re:Cert

[kevin_conaway]

While the R in CERT traditionally stood for Response (it is not Readiness)

Rather, that should be, it is now Readiness

I'd like to but WGA won't let me.

[gukin]

Microsoft denies patches to any system it deems "non-authentic". Now the US government is urging, strongly, everyone to patch their systems. This leaves your typical patriotic "pirate" US individual in a bit of a pickle. Skip the patch and "Let the terrorists win" or fess up, pay up and "Think of the children."

That said, it sounds like a new Microsoft slogan:

"Unpatched Windows systems are hurting the war on terror; buy your legitimate license today."

Then again there is always http://windizupdate.com/ [windizupdate.com]

Patch the windows, get the WGA

[unity100]

Im being conspirative here, yes. But after all we have seen it is not too far fetched to believe that 'homeland security' got a sizeable donation from microsoft, riaa and the like.

then...

[r00t]

You're not with us. That means you're against us.

GET HIM!!!!!

Creepy

[spykemail]

I have to admit this is a little bit creepy. Maybe we should wait for some Slashengineers to take a closer look at this patch. But honestly, government officials already have ability to spy on everything you do and frame you for anything so I'm not even sure a backdoor would accomplish - just makes things easier I suppose.

Cracking down on piracy

[192939495969798999]

They probably just want you to install WGA, which is required for new Windows patches... they probably saw my new motivational poster [flickr.com].

I would.....

[VeeCee]

but it appears my copy of Windows is not genuine.

Wow, no comments about OS X yet?

[5n3ak3rp1mp]

I hereby refrain from the apple fanboi knee-jerk "yeah but OS X..." remark. ;)

US Threat Level

[NullProg]

The U.S. government raised the security alert on passenger planes to its highest level for the first time on Thursday after Britain said it had foiled a plot to blow up flights to the United States.

The government also raised the security alert level for Windows users from Purple to Pink after Microsoft announced it had foiled a plot to make Windows more secure.

Get the Subversive!

[Bob9113]

So, if you don't apply the patches, then what?

Well, I'm not sure what happens if you don't apply the patches, but we do have an idea of what happens [time.com] if you ask questions like that on a blog.

(that's mostly a joke... at least for now)

But Can Microsoft Be Trusted?

[Prototerm]

After Microsoft stuck their WPA Notify spyware on my machine, claiming it was an important, possibly vital update, how am I expected to trust them?

* No * Thank * You *

I have a better solution: I run Windows 2000 SP4 (XP is bloatware in my opinion) inside a Virtual Machine on Linux. The virtual machine has no connection to the internet (its IP address is blocked by the router), and does not run email or a web browser. When the copy of Windows is shut down, *it reverts to a snapshot*. All data is stored external to the VM's "C drive", where it's protected by Linux. Voila, no updates needed!

We've all heard how Microsoft's latest efforts to fight piracy hurt innocent people running legitimate copies of their software. We have all seen how Microsoft installs "beta" software without asking permission. Distrust, like trust, is earned. The folks in Redmond have *earned* my distrust.

What if people CAN'T comply?

[Yvan256]

You know, what if they're using Macs or Linux?!

Is homeland security going to fine them, throw them in prison?!

<pananoid>Homeland Security is working with Microsoft to further their monopoly!</pananoid> ;-)

My dual boot lappy

[Almost-Retired]

So I head off to boot my lappy to XP, something it hasn't done in weeks, run the updater, deselect the WGA option, and the sonofabitch installed it anyway.

Is there no end to the microsoft perfidity?

Oh, wait, this is /., and that makes me look like a nubie, which I hardly am, and you all know that. IMO, the inbreeding in Redmond has reached the point of no return, and I'm thinking of reclaiming the space the XP install uses for something usefull.

--
No Cheers this time, Gene

The real issue

[tholomyes]

This update is as important as it gets. There are vulnerabilities in every major MS program which allow remote code execution, which means that as soon as the exploit is discovered, it can take advantage of holes all over your system.

Affected programs and services:
- MS Server Services (TCP 139 and 445).
- DNS servers
- Internet Explorer
- Outlook Express
- Microsoft Management Console
- HTML Help
- Visual Basic
- Microsoft Office
- Windows kernel

I'm not too surprised that they're trying to push awareness of this patch. It was the lack of patching several weeks beforehand that allowed Code Red to do as much damage as it did.

Re:What then?

[ZeroExistenZ]

They did already!

I haven't remembered the USA getting Bin Laden out of Iraq, Saddam isn't a terrorist! ha!
(The US is breeding terrorists of the future in Iraq right this instant though)

Re:What then?

[dthree]

If you don't apply the patch, then you hate America.

Re:NSA patch

[troon]

hmm, what's with the black helicoptor outside. Woah, look at the scope on that guys rif

Another strike from the Grammar and Spelling Department (Apostrophe Patrol).

Re:NSA patch

[HugePedlar]

Not that I expect you to reply, being dead now and all, but don't you think it's remarkable that, even though you failed to finish your post, in your death throes you managed to hit the submit button?

Re:solution

[dimer0]

Use MacOS X.