Forgot your password?
typodupeerror
Microsoft Bug Security

HomeSec Warns Again About Microsoft's Insecurity 497

Posted by michael
from the repatch-and-sin-no-more dept.
cbrandtbuffalo writes "The Department of Homeland Security has posted this advisory about an impending attack on MS systems. This RPC attack has already been seen in some localized systems, but may spread as unpatched computers are exploited. Some of the national news like CNN are running stories too."
This discussion has been archived. No new comments can be posted.

HomeSec Warns Again About Microsoft's Insecurity

Comments Filter:
  • by mjmalone (677326) * on Friday August 01, 2003 @09:01AM (#6587028) Homepage
    The security people at my office were talking about this vulnerability yesterday in our monthly meeting, they were saying it is likely going to be worse than slammer/code red/etc (which the article seems to back up)... Do you guys think this is that serious of a threat? A lot of what they were saying sounded like worst case scenario kind of stuff, hopefully it will not be that large of an issue. One interesting thing that the security people mentioned, that the article doesn't, is that windows 98/windows 98se is vulnerable but Microsoft has not released a patch because they no longer support the product.
    • by SgtChaireBourne (457691) on Friday August 01, 2003 @09:12AM (#6587124) Homepage
      One interesting thing that the security people mentioned, that the article doesn't, is that windows 98/windows 98se is vulnerable but Microsoft has not released a patch because they no longer support the product.
      A second interesting thing is why just this particular bug is getting the publicity. There's been no shortage of remote exploits for that product line, old or new, this year. Is it part of the new marketing campaign that's just kicking in?

      Along those lines, since most of the design flaws are downplayed for weeks/months/years after exploits are found. Apple, RedHat and SuSe have a good lead time to prepare switch campaigns.

      I'm sure a dollar value can be put on the peace of mind and increase productivity that goes with moving to a better workstation platform.

      • A second interesting thing is why just this particular bug is getting the publicity. There's been no shortage of remote exploits for that product line, old or new, this year. Is it part of the new marketing campaign that's just kicking in?

        It's possible that the reason this bug is getting publicity by the Dept of Homeland Security and others didn't is simply because they know about this one. Yes, other security problems are out there and "known" but maybe not by the people at HS. Remember even though it's

    • by rde (17364) on Friday August 01, 2003 @09:13AM (#6587132)
      windows 98/windows 98se is vulnerable but Microsoft has not released a patch because they no longer support the product.#

      So upgrade to Windows XP, or the 73rr0r1575 \/\/1ll win.
    • by tlovie (603161) on Friday August 01, 2003 @09:17AM (#6587156)
      I'm not sure if Windows98/se is vulnerable since microsoft's knowledge base specifically states that Windows ME is not vulnerable. The vulnerability is based on a buffer overflow of the RPC service. Does windows 95/98 even offer the RPC service?
    • by Anonymous Coward
      they just suck. Windows 98/98SE doesn't enter non support phase until Jan 16 next year.

    • by Catskul (323619) on Friday August 01, 2003 @09:20AM (#6587185) Homepage
      I think it is going to be worse if someone actually has an objective (ie terrorists) because all of the worms I have heard of have been fairly poorly engineered.

      A well engineered worm would:

      Work on many different system.

      Use more than one security flaw. (spread by email, + kazaa, + IE hole, + sendmail hole)

      Patch that flaw once compromised, and open a separate hole

      Have at least different attack modes (slow and quiet and local sub nets, fast and hard and whole internet)

      Build up to critical mass before initiating fast attack mode.

      Attempt to hide itself from scans. (maybe randomly stop functioning for a while to offer false sense of security)

      Adjust its fingerprint so that it isn't simple to find computers which have the worm (use different ports, different protocols, send some different data when filling buffers etc)

      Offer a payload that makes patching difficult, goes after security websites that often offer patches, targets financial institutions, etc.

      Patch other programs on the system, back to previous insecure versions.

      And that's just off the top of my head. If someone really is sitting down and thinking about this, Im sure they could come up with much more dangerous specifications.

      I think someone should be writing a competing worm that patches all vulnerable systems, just in case this breaks out in to a chrisis.

      • by digitalunity (19107) <digitalunity&yahoo,com> on Friday August 01, 2003 @09:35AM (#6587331) Homepage
        In case you hadn't noticed, few virus writers are developing malicious code. It would appear that most of the internet worms of late are fairly innocuous, and their only design feature is the ability to replicate itself. However, there are others that send random files by e-mail to random people. That was kind of funny. No, if someone wanted to write some really mean code, they'd set up a worm that would find and infect at least a few hosts, and then destroy it's host OS. It wouldn't spread as fast as non-destructive worms, but it'd cause a lot of trouble for a lot of people.

        Personally, this RPC bug doesn't really get me thinking much. Anyone stupid enough to allow incoming RPC packets from the internet deserves what they've got coming. Now, on the otherhand, if a live exploit for BGP4 was ever discovered and published, we'd be in a world of hurt for quite a while.
        • by Finni (23475) on Friday August 01, 2003 @09:45AM (#6587410)
          Anyone stupid enough to allow incoming RPC packets from the internet deserves what they've got coming.

          True, but that doesn't cover any/all cases at all. Businesses with Windows servers can't turn off RPC (and sometimes can't turn off DCOM) on their users' laptops, right? So a laptop user goes home and uses dialup, or he has broadband and no router and gets infected. No he comes back into work the next day. The MS-supplied patch doesn't work in all cases, so even if they have a good patching system and a great firewall, they've still got a compromised, infectious system on their LAN. Mobile-user VPN has the same risks.

          • by nat5an (558057)
            Well, admins can turn off RPC on their users' laptops. The average user probably has no need for this service to be running. Of course, you never know what Microsoft is using it for. You turn off the RPC service, and suddenly 10 unrelated things stop working. Such is the fun of being a Windows Admin (and I would know).
        • by johnnyb (4816) <jonathan@bartlettpublishing.com> on Friday August 01, 2003 @12:01PM (#6588785) Homepage
          Actually, destroying the whole OS isn't as bad as you can get. Imagine if there were a worm packed with a payload like CPUburn! Or if it had drivers which hosed hardware. Especially if it was set to go off in the middle of the night, you could actually have a virus which inflicted hardware damage.
        • In case you hadn't noticed, few virus writers are developing malicious code.

          While it's generally true that historically, most viruses have had feeble or non-existent payloads, the evidence [lurhq.com] is strong that some of the waves of infection this year have been created by spam gangs, using viral infections to install proxy software.

      • by hey (83763) on Friday August 01, 2003 @09:55AM (#6587503) Journal
        Thanks for the tips ;-)

        Yeah, I like the idea of changing DLLs on a system back to insecure versions and (of course) keeping the Add/Remove Programs list saying they patches have been applied. Needless to say this would be other worms/viruses would get in further making diagnosing more difficult.

        If we want to see what nasty viruses do we need only look at nature. For example, AIDS (or the HIV virus if you want to be exact) attacks the immune system -- the part of the body that fights viruses. People with AIDS then die with opportunistic viruses, like pneumonia, take advantage of the situation. If you wrote a computer virus that only attacked the immune system of the net it would be quite a sight to see.

        • Launch DDOS attached against Windows Update, Symantec, Norton, CERT websites
        • Make the Windows update agent think all is well but to the user appear to functioning properly
        • Likewise neuter virus checking programs by say altering their .EXE's to check for a different .DAT file. If the user can manage to get a current .DAT file he replace one that the program isn't looking at :-)
    • by diersing (679767) on Friday August 01, 2003 @09:23AM (#6587220)
      It could be bad if the Windows admins out there aren't paying attention. But, most sysadmins in MS shops realize the frequency of these kind of patches and are good about applying them timely. This was released over 10 days ago (I got notified on the 19th), and have already applied it to the 350+ MS servers on our network. If the lazy admin has configured auto-update they are protected as well.

      The primary vehicle for spreading this type of exploit, are all the MS clients of broadband users, many untechy PC owners will be to blame if this things hits hard. And yes, I think it could be worst then slammer/code red because its RPC. Pretty much all the MS client out there are going to have it running (versus an IIS exploit).

      • The primary vehicle for spreading this type of exploit, are all the MS clients of broadband users, many untechy PC owners will be to blame if this things hits hard. And yes, I think it could be worst then slammer/code red because its RPC. Pretty much all the MS client out there are going to have it running (versus an IIS exploit).

        Perhaps ISP's should just block RPC at their routers that feed broadband users. I can't think of any good reason most people would want it to be exposed anyways, on a resident

    • expoit here [packetstormsecurity.nl]

      why not, i got karma to burn...
    • It's reasonable to expect this to be worse than some of the other worms, because it is part of a more central and common service. It seems unlikely that future worms will be less effective than past ones, for that matter, since the past ones have generally been disassembled and discussed, and someone writing a worm is unlikely to start from scratch.

      Of course, the vulnerability requires that it be possible to reach the machine with an inbound connection, so firewalled networks will be protected until someon
    • by gregmac (629064) on Friday August 01, 2003 @09:31AM (#6587299) Homepage
      One interesting thing that the security people mentioned, that the article doesn't, is that windows 98/windows 98se is vulnerable but Microsoft has not released a patch because they no longer support the product.

      If this is true, Microsoft doesn't even acknowledge [microsoft.com] that it affects Windows98. It's one thing to not release a patch for an affected OS, it's quite another to not mention that it's affected.

    • What is really interesting is that some of the newer exploits stil affect systems even with patch-26 applied. Not to mention that NT4 workstations and servers appear to be on SP6a and that might still not patch things.

      Production networks are complex, sometimes you can't kickin a reboot or even change services, especially when you're talking about the core method Microsoft uses to make things 'easier'.

      That and now the various viral writers are producing payloads that hit the DCOM ports (mumu.a variants).
    • by Lumpy (12016) on Friday August 01, 2003 @10:28AM (#6587816) Homepage
      and the fun part is that cince corperate IT is so damn slow, current IT policy is "NOTHING HIGHER THAN SP3 on W2K machines."

      so that makes all "OFFICIAL" machines in corperate will be hosed as usual when these things come through... Just like the stupid policy of no virus updates from anywher but the corperate server which is always at least 4-5 behind the software companies site. (Another policy I ignore.. I keep everything at the latest DAT)

  • by Tirel (692085) on Friday August 01, 2003 @09:02AM (#6587031)
    This is turning out to be a huge problem, we got the exploit a bit *cough*early*cough* and by simply joining a channel on IRC you get a handful of IPs, of which at least a few are exploitable. And then they wonder why there are a thousands of ddos zombie machines running windows!

    But there's another problem, a lot of people are starting to distrust microsoft and are turning off the automatic update / not getting service packs instead of switching to another operating system.
    • by BWJones (18351) on Friday August 01, 2003 @09:25AM (#6587240) Homepage Journal
      But there's another problem, a lot of people are starting to distrust microsoft and are turning off the automatic update / not getting service packs instead of switching to another operating system.

      Shoot, this was a problem years ago leading me to never enable automatic updates after more than one Windows machine was completely FUBAR'ed after an update. We fought with security issues on Windows for a while, then dealt with the expense and hassle of IRIX (although IRIX is impressively stable), went back to Windows due to the cost and then simply migrated our servers to Apache on OS X. Safe, simple, stable, affordable and secure.

    • a lot of people are starting to distrust microsoft and are turning off the automatic update
      That's exactly what I've done.

      One of their "updates" to Movie Maker (which I use solely to grab DV from an encoder) made the output files incompatible with other video programmes, in particular VirtualDub. Thankfully I was able to get the previous version back by doing a system restore but that's the last time I'll upgrade an MS app when the one I've got is working fine.
  • How long? (Score:5, Funny)

    by Voltas (222666) on Friday August 01, 2003 @09:04AM (#6587048) Homepage Journal
    2 years / millions of dollars and the Home Land Security people tell me that people like to attack Microsoft Products.

    I'm glad I pay all those taxs!
  • If ew can get them to arrest the board of MS directors, in cluding BIll Gates, and treat them as POWs, that would help things considerably.
  • Pretty Bad (Score:5, Insightful)

    by the.jedi (212166) on Friday August 01, 2003 @09:04AM (#6587054) Homepage
    My friend works at MIT's network security.
    From wednesday to thursday they're compromise rate
    went from 3 computers an hour to 30.
    Right now they're just blocking the RPC port
    but the routers are starting to take some heavy
    traffic. Looks like this one is going to be pretty
    bad.
    • Which port is it that you need to block?
      • by tarquin_fim_bim (649994) on Friday August 01, 2003 @09:16AM (#6587148)
        "Which port is it that you need to block?"

        To make windows secure?

        All of them.
      • Read the article damnit. Don't give me that "this is slashdot" crap either ;)

        It's basically all the NetBIOS and Microsoft-ds ports.
      • Re:Pretty Bad (Score:5, Informative)

        by pascalb3 (514151) on Friday August 01, 2003 @09:39AM (#6587366)
        Check out CERT, a good site for this stuff. Here's [cert.org] their warning (more info than DHS). A list of what they have to block:
        135/TCP
        135/UDP
        139/TCP
        139/UDP
        445/TC P
        445/UDP

        Also, it appears 4444 is being used,

        Security Focus's incidentmailing list [securityfocus.com] is also enlightening. And for good measure, a posting on the ineffectiveness one of MS's patch [securityfocus.com] (as of 29 Jul).
        • Fixes (Score:3, Informative)

          by DanV (391300)
          If I understand right, 4444 is the port the exploit for the DCOM bug connects to.
          I updated all my systems,and firewalled 135/139/445(UDP and TCP) and 4444(TCP).
          I know I am gonna get modded down for this,but if you dont have already, I suggest you fix this ASAP.
          You can get the fix from here [microsoft.com] for windows 2000, and here [microsoft.com] for windows xp.

          The exploit [packetstormsecurity.nl] has it in the code:

          target_ip.sin_port = htons(4444);

          Also, notice the comment about the shell code:
          /* port 4444 bindshell */

          Dan
          Security consultant
          Click [clicknews.ro]
      • Re:Pretty Bad (Score:3, Informative)

        by I8TheWorm (645702)
        Actually, 135, 139, and 445.

        NetBEUI = Port 135 netBEUI is only required when you have non-Windows 2000 clients to support. However, NetBIOS over TCP/IP prevents any need for NetBEUI. These days NetBEUI is the usual answer for connection problems that turn out to be name resolution or NetBIOS configuration problems. The other ports listed, 139 and 445, are used for Server Message Block (which with Win2000 can run directly over TCP/IP rather than needing to run on top of NetBIOS) respectively. SMB is a
    • Re:Pretty Bad (Score:4, Insightful)

      by technix4beos (471838) <cs@cshaiku.com> on Friday August 01, 2003 @09:56AM (#6587516) Homepage Journal
      Speaking of routers...

      Am I correct in saying that a router can be used at home to prevent these kinds of attacks in the first place?

      With more families getting online and having multiple computers in a network, wouldn't it make sense to install a router that protects against the silly port attacks?

      I believe a router these days costs about $50 USD, so it's far cheaper to purchase one than to buy a software based "firewall" solution, that might be turned off by little johnny anyhow.
      • Re:Pretty Bad (Score:3, Informative)

        by TheViffer (128272)
        Am I correct in saying that a router can be used at home to prevent these kinds of attacks in the first place?

        Actually that is not correct. A "router" in a nutshell is just used to "route" traffic from point A to point B.

        What what people need is a hardware based NAT switch with firewall firmware. It places that nice "buffer" zone between your machines and the web.

        If if the NAT switch/firewall is compromised somehow, it will not get the hacker very far without the presence of an OS. Your boxes behind s
      • Re:Pretty Bad (Score:3, Informative)

        by drinkypoo (153816)
        A so-called home router (some of which are honestly routers, some are bridges, and some are firewalls and little else) will indeed solve this problem. More to the point, simply using NAT will solve this problem, as long as you don't forward the RPC port to something inside your organization. You might consider mangling the packet so that its destination is the originating host and resending, that might be kind of fun.

        Personally, I use a linux system with two NICs as my router/gateway. netfilter/iptables p

  • Ugh. (Score:5, Funny)

    by JohnGrahamCumming (684871) * <slashdot.jgc@org> on Friday August 01, 2003 @09:04AM (#6587057) Homepage Journal
    Could we not go around referring to The Department of Homeland Security as HomeSec? The last thing we need is /. popularizing a cool sounding name for this behemoth.

    If we need to refer to it then use the initial letters of its name... DoHs.

    Somehow appropriate when they put out warnings like the last one.

    John.
    • Re:Ugh. (Score:5, Funny)

      by glwtta (532858) on Friday August 01, 2003 @09:08AM (#6587082) Homepage
      I just tend to call it MiniPax - is that better?
    • HomeSec sounds like some sort of home-office networking product.
    • by thelandp (632129) on Friday August 01, 2003 @09:21AM (#6587198)
      The name "HomeSec" reminds me of a few similar terms from George Orwell's important (and never more appropriate) book, 1984.

      Most government departments actually are designed to achieve the opposite of their names. For example, the "Department of Homeland Security" is in fact designed to control the level of insecurity that people feel. Likewise, the ministry of defence is really about offence, and in 1984 the Ministry of Information is about disinformation and so on.

      In the book, the language was controlled to the point of creating new terms like IngSoc, MiniPax (ministry of peace, really designed to perpetuate war), and Double-plus good.

      The whole point here is to justify the actions of the government. Because it becomes alot easier to justify removing civil rights when there is the perceived threat of some common enemy.

      • by laetus (45131)
        You know guys, not everybody in the government is fawking off and trying to screw you out of your legitimate right to freely download copyrighted music.

        There are thousands of hardworking men and women serving in Coast Guard ships off our coasts, monitoring land border crossings, inspecting imported cargo containers, and serving as airport security inspectors and skymarshals, all to keep your bloody arses safe behind your monitors as you make fun of them.

        Sorry for the rant, but reality check, there ARE bad
    • If we need to refer to it then use the initial letters of its name... DoHs

      Sounds too much like DOS.

      oh, wait....
  • by Wacky_Wookie (683151) on Friday August 01, 2003 @09:05AM (#6587060) Homepage Journal
    Sounds more like The Department of Homeland in-security :)

    Joking aside I find the US media's "fear hyping" to be outrageous.

    "It could happen to you" Is a major catch phrase for the US media, and they are not talking about winning the lottery.
  • by jocknerd (29758) on Friday August 01, 2003 @09:06AM (#6587071)
    After all, they're giving Microsoft $90 million to run their computers.
  • by curtisk (191737) on Friday August 01, 2003 @09:08AM (#6587080) Homepage Journal
    ....that works at Dept. of Homeland Security whose entire job will consists of keeping up to date with MS security advisories....

    wonder how they (DoHS) are feeling about their OS investment already? :)

    • That "poor slob" has some of the best job security I have ever seen in an IT job these days. Is it really that hard of work to read USENET and hang out on IRC?
      • Dishwashers and garbage collectors have pretty good job security as well, doesn't mean that I'd like to do it. :)

        But as far a IT goes, MS advisories are one of the few things you can count on.

  • by chef_raekwon (411401) on Friday August 01, 2003 @09:09AM (#6587095) Homepage
    i could have sworn that 2 weeks ago, here on this very same slashdot....there was a story about HomeLand Security securing a very large purchase from Microsoft....aka 100 million, or some outrageous number like that..

    isn't this a bit irresponsible of them, now that they are declaring Windows a vulnerability?
    • Indeed they did, and 2 days (maybe 1?) later this security hole was announced. It received national coverage on all the major news players and the implicaitons of security.

      I, personally, am rather angry that my fucking tax money is being spent by the DoHS and all they have come up with is a dependency on an insecure OS and a stupid colour coded system that NO ONE understands!
    • Think of it as "Homeland Security eats its own dog food..." In other words, they are using the same operating system that the vast majority of people use, so they will experience the same vulnerabilities. They'll be able to advise people about computer security from first-hand experience, not just from a few pristine 'test lab' machines.
      • Think of it as "Homeland Security eats its own dog food..." In other words, they are using the same operating system that the vast majority of people use, so they will experience the same vulnerabilities. They'll be able to advise people about computer security from first-hand experience, not just from a few pristine 'test lab' machines.

        That's a good spin on an incredibly incompetent IT decision, but at the end of the day, spin is all it is.

        You want a testbed for vulerability? Fine. Set up a windows la
  • Hilarious! (Score:5, Funny)

    by Wilersh (237791) on Friday August 01, 2003 @09:10AM (#6587100)
    Microsoft is now officially a threat to Homeland Security. Maybe George should drop some bombs on Redmond! We know where they are and they keep putting out a product that threatens our security. Oh wait, the government saw fit to give them a slap on the wrist and turn around and contracted even more unsafe software from them. They'll undoubtedly be mentioned in future hindsight publications from congress but on blanked out pages for national security reasons. That's what we do for "friends".

    Ugh.

    Wilersh
  • by Elendil (11919) on Friday August 01, 2003 @09:11AM (#6587114) Homepage
    On the DHS alert color code [dhs.gov], blue means "guarded", just one notch lower than the alert level the USA have been living in for the last few months (with occasional orange flares). Should this color be reconsidered in sight of the well known Blue Screen of Death?
  • Again.. (Score:5, Insightful)

    by NetJunkie (56134) <(moc.liamg) (ta) (hsan.nosaj)> on Friday August 01, 2003 @09:14AM (#6587136)
    Patch your stuff and for goodness sake put up a firewall! RPC port open to the word? Why?!
  • *boggle*

    would every geek please walk over to their nearest 4 non-geek's MS boxes and flick 'autoupdate' on? maybe we can spare a few routers in the future?

    i mean, if they insist on having those boxes, the least we can do is make sure they're patched up.

    say what you will about MS - but these big exploits don't usually hit until weeks after the patch has been available.

    and if you're relaxed enough with control over your box to run MS in the first place, autoupdate ain't any worse.
  • by sniggly (216454) on Friday August 01, 2003 @09:18AM (#6587170) Journal
    It's time the government started to realize its own linux version [nsa.gov] has been developed to preclude vulnerabilities such as these that are caused mostly by sloppy programming.
  • So much for "journalism" from CNN. That story is sucking up to MS. I guess the AOL/MS lovefest continues.

    Yeah, they're offering the patches free of charge. But it wouldn't be that big of a deal if their junk wasn't broken so much to begin with! If MS actually *charged* for security patches, okay, it needn't be MS necessarily -- any proprietary software vendor, they'd take a hit in sales.

    Notice that Server 2k3 is affected, too. Keeping count, the rate of vulnerabilities is slowing down a bit, but they
  • The Department of Homeland Security is dead against the internet anyway, as stated in this press release [subj.com]. ;)
  • The patch [microsoft.com] from MS is really a trojan!

    Go to this link [chartertn.net] to learn more!

  • So wait, the government is recommending that I download an executable and run it. Is that supposed to make me feel more safe? After being repeatedly lied to by this government, I am supposed to bend over and run their executables? I already run Linux at work. Seems the home computer needs a little conversion too.
  • by BigBir3d (454486) on Friday August 01, 2003 @09:30AM (#6587286) Journal
    I guess that is why our IT Department doesn't want to update the desktops beyond Windows 98. "Hackers target the newest OS" is what he said. Apparently system stability is not a high concern :(
  • by shunnicutt (561059) on Friday August 01, 2003 @09:42AM (#6587388)
    This suggests a new marketing slogan:

    "If you don't upgrade to Windows XP, then the terrorists have already won!"
  • by Rogerborg (306625) on Friday August 01, 2003 @09:58AM (#6587535) Homepage
    Instead of saying open source versus closed source, how about we just start saying open source versus untrustable? That might help to chivvy things along.
  • google is fun (Score:4, Interesting)

    by sniggly (216454) on Friday August 01, 2003 @10:02AM (#6587579) Journal
    Concidence or not? google news' [google.com] primary link to this story points to the register's [theregister.co.uk] article about this vulnerability. In their best sour Brit register tradition theyre none too congratulatory about "free patches". Does bandwidth cost money?
  • WoMD? (Score:3, Funny)

    by vgaphil (449000) on Friday August 01, 2003 @10:03AM (#6587583)
    Windows of Mass Destruction?
  • Security (Score:5, Funny)

    by atcurtis (191512) on Friday August 01, 2003 @10:27AM (#6587804) Homepage Journal

    To make your computer truely secure, follow these simple steps:

    1. Get a decent firewall
    2. Configure it to deny everything except the ports you really need.
    3. Unplug any conputer with really sensitive data from the network
    4. In fact, unplug it from the wall power socket
    5. Heck with it, it's still vulnerable from someone at the console - encase it in concrete
    6. Cover the concrete block with copper sheeting to prevent against Echelon
    7. Cover it with lead plate just to be safe from X-Rays.
    8. Put it on a back of a trailer and tow it into a deep mine shaft. Salt mines go pretty deep.
    9. More concrete please!
    10. Use a tactical device to ensure that access to the bottom of the mine is difficult.

    Should be truely secure... But for the overtly paranoid, concider dropping the planet into your local black hole. Please note that there may be information leakage as any entropy is represented on the black hole's event horizon.

    Not practical... But fun.

  • by Rogerborg (306625) on Friday August 01, 2003 @10:28AM (#6587822) Homepage

    "Based on this notification, no change to the Homeland Security Advisory System (HSAS) is anticipated; the current HSAS level is YELLOW."

    Hasn't it been yellow for like ever? I think they just can't figure out how to change the bulb.

    Slightly more seriously, are we all comfortable with the idea that the Vaterland Security Advisory System is now here to stay, and that it's now featured in contexts where the words "external" or "terrorists" don't appear? That Homeland Security bulletins, much like the "troops killed in Iraq" daily scorecard, are now routine routine occurances?

    I've just had a kid. When he starts asking what the HSAS is, what do I tell him? "We're at War, junior. We've always been at War. Terrorists, drug barons, organized criminals, religious extremists, crackers, hackers, commies, arabs, they're all out to get us, and it's important to know just how scared the government wants us to be that we're going to die today."

    Nice world he's going to grow up in.

  • Port blocking (Score:5, Insightful)

    by Gothmolly (148874) on Friday August 01, 2003 @10:40AM (#6587909)
    Is it me (insert tinfoil hat joke), or is anyone else disturbed by the increasing tendency of ISPs and vendors to say 'just block port xxx' on your network connection, as a response to problems? Is this one more step on the road of converting the Internet to simply an MSN-ified WWW? Where does the small, independent content creator turn as more and more barriers to market entry are enacted, either by FUDding ISPs, lobbying Congress, and blatant stupidity?
  • by Satan's Librarian (581495) <mike@codevis.com> on Friday August 01, 2003 @11:28AM (#6588441) Homepage
    For boxen being broken at ISP's. Interland trashed a rather important co-located server for us over the weekend, and blamed it on a "Worm" referencing this bug. AFAIK, no worm has yet been released, and certainly none was out then - anyone else been fed this kind of b.s.? Anyone heard of any truth to it at all?

    As far as DoHs getting in on the action - I think they'll cry wolf at anything to keep interest. The more afraid the public is on a daily basis, the more they are legitimized. I was appalled the other day to see this [cnn.com] article on the front page a few days ago - no shit guys, thanks for the press release. Ya know what else? .COM stocks might not be the best investment if the company hasn't produced a product.

    Obviously this hole is a major one, but we've kinda known that unfirewalled Windows boxen on the net are a Bad Thing (tm). This hasn't changed, and it's not much more likely now for a worm to run rampant through everything that it was in the past - it'll happen, it'll suck, and everyone will do the same fire drill as every other time it happened. And a few, bright IT departments will switch to FreeBSD or similar for their external machines or put up a bloody firewall.

  • by simetra (155655) on Friday August 01, 2003 @11:56AM (#6588740) Homepage Journal
    Is there a utility/app/shareware thing that will tell you what process on WinNT/2K/XP is associated with whatever ports are active? Thanks. Really, I mean that.

  • by Captain Large Face (559804) on Friday August 01, 2003 @12:30PM (#6589044) Homepage
    Perhaps all it needs is a big hug? I know we all call Microsoft a massive anti-competative tool of the Devil, but these comments do HURT.
  • by Mr_Icon (124425) * on Friday August 01, 2003 @01:47PM (#6589838) Homepage
    DHS warns about Windows.
    I see.
    Did their solution involve duck tape and plastic sheeting?

    (Though I must admit, after about 20 minutes the computers protected this way will be VERY secure. :))
  • by frovingslosh (582462) on Friday August 01, 2003 @02:31PM (#6590304)
    I have right here a computer that is much more powerful that the million dollar plus CDC computer that provided services to my entire University when I went to school. It's more powerful than the 90 user time sharing system I was in charge of for another university. But the Internet is safe from having all of this potential computing power unleashed against it. Why? Because I hobble that dangerous computing power with Microsoft(R) brand software! Yes friends, that's right. No matter how powerful your computer is, you can rest assured that it can do little harm on the 'Net when it's running Microsoft(R) brand software, the software that not only opens security vulnerabilities but makes your system so slow that it just can't do much harm to the rest of the 'Net. And , as an added bonus, my Microsoft(R) software crashes frequently, so I reboot it often and just maybe that might eliminate or at least confuse some exploits. And when a world full of computers are crashing several times a day, it's just that much harder for exploits to find ones that are up long enough to exploit. And any exploit is likely to be minimally more inconvenient that running the Microsoft(R) software in the first place.

    Don't unleash your powerful computer on the Internet. Tame it with Microsoft(R) brand software today.

  • Scanning != virus (Score:3, Insightful)

    by intermodal (534361) on Friday August 01, 2003 @02:53PM (#6590521) Homepage Journal
    Did anyone else notice that they equated scanning to cracking? While I know that's certainly one of the possible preludes to attacks, it's certainly not a definite. I've used scanners quite legitimately more than once (checking what was visible from outside a firewall for my father in law, and testing to see if a non-responding server that I myself was responsible for even had its services running, despite it not being at my present locality). The internet was built to be open initially, and while it's understandable that it now needs security, people need to realize there's more to the internet than ports 80 and 6667, (plus those ones that most users don't ever see, like their port 25 services or port , ). There is far more to networking than HTTP, and the internet is a network.

    It's getting to where knowledge is a crime, and while I feel it would be prudent to learn more and more about computer security, I fear that merely knowing it might make me liable to be wrongly prosecuted. There's just come to be so many legal barriers or poltergeists that it just carries too great of risks for the curious to enter the field.
  • by gad_zuki! (70830) * on Friday August 01, 2003 @06:41PM (#6592469)
    Wow, a malicious worm. I'm completely bewildered by the fact that melissa, code red, etc didn't have a seriously nasty payload. It seems like the virus authors just wanted propagation for bragging rights. It wouldn't be so tough to write a function that will corrupt the registry or start formatting important parts of the disk after x amount of hours.

    Windows has yet to see a serious threat by a popular worm and when it does there will be a lot of heat on Microsoft, whether they deserve it or not. "Wintel everywhere" is a classic eggs in one basket gambit and heads are going to roll if 1/3rd of all computers on the internet suddenly refuse to boot up again. Something like 40% (?) of all computers on the net are not behind a firewall and who knows how many are patched.

    What I'm afraid of is that if something this bad and on this scale happens then DRM will go from controversial content protection to a Tom Ridge mandated upgrade. Your computer WILL download the newest patch and you will not rip MP3s from the newest Shania Twain CD or face the consequences (ISP banning you, fines, etc).

"Love is an ideal thing, marriage a real thing; a confusion of the real with the ideal never goes unpunished." -- Goethe

Working...